Germany is once again in the crosshairs of Russian cybercriminals. This time, the well-known ransomware group Qilin has carried out a cyberattack against the German political party Die Linke.
The leftist party revealed that the incident was detected on March 26, when part of its IT infrastructure experienced unauthorized access that forced the disconnection of critical systems to contain the damage.
Initially, a security issue was reported without detailing data loss, but in the following days, it became clear that the intrusion was not limited to service disruption.
The German party acknowledged that the attackers managed to exfiltrate internal information from the organization and personal data of some employees at the central headquarters, although it emphasized that the membership database was neither accessed nor compromised.
Die Linke’s leadership has described the attack as an example of what some experts consider a form of ‘hybrid warfare’: a digital strike that, in addition to seeking economic gain, could attempt to affect political structures and encrypt internal strategic data.
The political party has filed a formal complaint with German authorities and is working with cybersecurity specialists and investigative forces to restore systems, assess the extent of the breach, and strengthen its cybersecurity.
The latest data extracted from the party’s official website indicates that it has more than 123,000 members, with the majority in the Nordhein-Westfalen region (around 23,000) and Berlin (17,000).
Who is Qilin
For its part, Qilin is one of the most active and aggressive ransomware groups, operating under a ransomware as a service model with ties to Russia and post-Soviet countries. They have been active since 2022, initially calling themselves ‘Agenda.’
In 2025 alone, the group claimed more than 700 attacks. In the third quarter, they reportedly impacted over 400 organizations, according to some reports. Up to that point, the group had been linked to hundreds of incidents in more than 60 countries.
Among their most frequent targets are companies in the healthcare sector, manufacturers, technology and service companies, governments and local public entities, educational companies, and non-profit organizations. Among the most impacted countries are the U.S., France, Canada, South Korea, and Spain.
