
The Qilin ransomware group has reportedly infiltrated the internal systems of Habib Bank AG Zurich, claiming to have exfiltrated more than 2.5 TB of confidential corporate data.
Headquartered in Zurich, Switzerland, Habib Bank AG Zurich (HBZ) is an international banking institution providing a wide range of commercial, corporate, and personal banking services. With operations spanning 11 countries across four continents, HBZ’s core business areas include commercial and corporate banking, personal banking, trade finance, Islamic banking, and wealth management.
On November 5, the Qilin ransomware group announced that it had infiltrated the internal network of the financial institution, listing HBZ as a victim on the group’s data leak site. The group claimed to be in possession of 2.6 TB of data, comprising over 2 million files.
🚨Cyberattack Alert ‼️
🇨🇭🇦🇪 - Habib Bank
Qilin hacking group claims to have breached Habib Bank.
Allegedly, the attackers exfiltrated 2.6 TB of data, including internal, financial, and customer information such as client emails, credit positions, KYC records, deposits,…
— Hackmanac (@H4ckmanac) November 5, 2025
The compromised database reportedly included internal documents, financial and customer information, client emails, credit positions, KYC records, deposits, transaction details, blacklist databases, employee information and more.
HBZ has not yet confirmed the claims made by the threat actors or provided any official statement regarding whether the company has experienced a potential data security incident affecting its internal systems or confidential information.
The Qilin ransomware group is a Russian-speaking cybercriminal syndicate known for ransomware-as-a-service (RaaS) operations. Originally launched as "Agenda" in August 2022, it was rebranded as Qilin in 2023. The group targets a wide range of sectors globally, including healthcare, automotive, media, and public services, often stealing large volumes of sensitive data and demanding ransom payments.
Notable incidents attributed to Qilin in the recent past include a cyber attack on Yanfeng Automotive Interiors, a major Chinese automotive parts supplier, disrupting production for automakers like Stellantis, GM, Volkswagen, and others. The group also targeted Lee Enterprises, an American newspaper publisher, stealing up to 350 GB of confidential data and causing operational disruptions.
Qilin is known for using custom tactics like file extension changes and process termination to maximise impact. The group exploits vulnerabilities, including zero-days such as "Citrix Bleed," to gain unauthorised access.