Qilin Hits Handmade Leather Manufacturer in Bangkok

Just today, the RaaS (ransomware-as-a-service) cybercrime group known as Qilin breached the servers of Adiantes, a Thailand-based company, formerly known as Krusell Thailand Co Ltd. The company operates an international supply chain, manufacturing high-quality leather goods to produce ethical and sustainable products.

For clarity, the company is known as Adiantes, although they were formerly known as

Qilin posted 19 photos on their Tor site, showing proof of the intrusion. The total data exfiltrated from Krusell amounts to 111.00GB. The images contain a wealth of PII (personal identifying information), which cybercriminals can scoop up to commit identity fraud using the PII of the victims.

In total, the sensitive information Qilin uploaded to their site contains the following:

• Thai VAT (Value Added Tax) form
• Tax Invoice
• Invoices between Adiantes Co., Ltd. (Krusell) and customers.
• Financial records showing sales and profit margin report
• Monthly cash flow chart
• Purchase Order
• Photocopies of Identification cards
• Tax receipts issued by the Revenue Department of Thailand

Qilin has not posted a ransom deadline before they spill the trove of data into the dark web.

How does Qilin operate?

Qilin, formerly known by the moniker Agenda, supplies ransomware tools to affiliate ransomware groups and individuals, taking a 15-20% cut while affiliates keep the rest. Like most groups, they employ a double extortion tactic when targeting businesses.

This means they not only encrypt the files of their victims, but also threaten to release the stolen data publicly if ransom demands aren’t met. Most groups like this have a similar, if not identical modus operandi, which classifies them as double-extortion groups. Additionally, the malicious code they use is cross-platform, which means it targets both Windows and Linux as well as VMware and other virtual environments.

How Thai companies confront ransom attacks

Unlike the United States and the European Union, Thailand currently has no specific laws that strictly prohibit businesses from satisfying the demands of ransom gangs. Unlike in the U.S., for the most part, there is no legal prohibition against paying ransoms.

Thailand still approaches such attacks with legal, regulatory, and ethical concerns, as its cybersecurity and data protection frameworks are still evolving to reflect the cautious, compliance-driven models used by the United States and European Union.

These restrictions are less formal, more ambiguous, and certainly not as aggressively enforced as those in the U.S. or EU — offering far less incentive for companies seeking to preserve their integrity after an attack. While paying a ransom is not explicitly illegal, companies can still be held liable if the payment violates existing anti-money laundering laws.

For example, buckling under pressure to a group that has been sanctioned is considered aiding organized crime, particularly if cryptocurrency is involved or the group is linked to international terrorism or cyberwarfare.

In certain cases, a large company operating in Thailand may consult the services of a law firm skilled in negotiating with ransomware gangs. However, this is not always the case, especially among mid-sized or small Thai companies.

Despite these legal parameters, it is more likely for a Thai company to give in to a ransom demand than for an OFAC (Office of Foreign Assets Control) compliant business in the West.