ctipilot.ch


Qilin ransomware hits Die Linke (Germany): 1.5 TB claimed, DPA notified (~April 2026, first coverage)

notable incident · discovered 2026-05-08 05:00 UTC · single-source

Entities: Die Linke (Germany)

Part of run 2026-05-08-migrated (intel · unknown)

The German federal party Die Linke confirmed in April 2026 that the Qilin ransomware group (also known as Agenda, a Rust-based RaaS platform known for double extortion) encrypted its systems and exfiltrated data, with the gang claiming 1.5 TB of internal data. The party's data protection officer notified the responsible Landesdatenschutzbehörde (state DPA). Die Linke issued a victim statement acknowledging operational disruption; no ransom figure has been publicly disclosed. Qilin has targeted political parties and civil-society organisations across Western Europe since 2023. This breach is approximately four weeks old but has not been previously covered in this brief series.

ransomware data-breach europe dach