Offside on the Dark Web: Qilin Ransomware Targets Argentine Giant River Plate
The Argentine football giant Club Atlético River Plate (CARP) has become a target of extortion by the Qilin ransomware group. The club has appeared on the group’s dark web leak site, where it was oddly categorized under “Accounting Services.” While the operators did not disclose the volume of data allegedly stolen, they provided an Onion link to a dump containing thousands of files, clearly signaling data exfiltration and an attempt to apply pressure through the threat of publication.
River Plate is one of the country’s most recognizable sporting brands. Founded in 1901, it is Argentina’s most decorated club, with 72 trophies to its name. The team plays at Estadio Más Monumental, the largest stadium in South America, and features Turkish Airlines as its shirt sponsor. The report also highlights the sheer scale of the organization: more than 350,000 members and a renowned youth academy enrolling children from around the age of seven—factors that make the potential consequences of a data breach particularly sensitive.
Based on the index shown on the leak page, most of the exposed materials resemble internal corporate “accounting” records: PDFs, Excel and Word documents, images, .eml email files, and .7z archives, with some video files also present. File sizes range from a few kilobytes to roughly 22 MB, with the largest items consisting of compressed bundles containing plans and technical documentation. Judging by the dates embedded in file names, the documents span from 2021 to 2025, and their categories suggest invoices and credit notes, budgets, procurement requests (SOLPED), contracts, regulatory forms, technical specifications, architectural plans, and photographic materials.
It is further noted that Qilin attached five “samples” to the listing—presumably excerpts from the stolen dataset. According to Cybernews, these samples include credit card statements, procurement records, and contractual documents.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
