Qilin Ransomware Hits German Left Party, Claims Political Motive

The Qilin ransomware group breached Die Linke, a German democratic socialist party with 64 Bundestag seats and 123,000 members, exfiltrating internal organizational data and employee personal information. The party confirmed the compromise on March 27 and publicly attributed it to Qilin on April 1 after the group listed Die Linke on its leak site. Member database records were reportedly not obtained.

Die Linke characterized the attack as likely non-coincidental, framing it as hybrid warfare rather than purely opportunistic crime — consistent with its description of Qilin as a Russian-speaking group with both financial and political motivations. No data has been published yet; the leak threat is standard ransom pressure.

The incident follows a pattern of Russian-linked intrusions targeting German political infrastructure. In 2024, Mandiant linked APT29 to a backdoor campaign against CDU, Germany’s largest center-right party. Die Linke has filed a criminal complaint and is working with external IT experts on recovery.