A Russia‑affiliated ransomware group has claimed responsibility for an attack on Cressi, the iconic Italian manufacturer of diving equipment, suggesting that the company may be facing a data breach. The ransomware gang Qilin, which has known ties to Russia, posted a ransom notice on January 8th on its dark‑web leak site, naming Cressi as its latest victim. This tactic is common in ransomware operations—threat actors often list a target publicly to pressure the organization into paying before releasing stolen data.
At this time, it remains unclear what data, if any, the attackers accessed or exfiltrated. Qilin has not released sample files or published a countdown timer, both of which are methods ransomware groups frequently use to intensify negotiations. In many cases, threat actors initially withhold proof of theft to increase uncertainty and leverage.
Cressi, founded in Genoa in 1946, is a major name in global diving culture. The family‑owned company has been a pioneer in underwater sports, producing landmark products such as the Pinocchio mask, the first mask to allow equalization, and the Rondine fins, which became staples for generations of divers. In 1970, Cressi again influenced the industry with the Equi‑Vest, a groundbreaking buoyancy system that helped shape today’s buoyancy compensators. Today, Cressi equipment is sold in over 90 countries and is widely used by scuba divers, freedivers, snorkelers, and spearfishers worldwide. Cybernews has reached out to Cressi for confirmation regarding the alleged cyberattack, but the company has not yet responded.
Who Is the Qilin Ransomware Group?
The Qilin ransomware gang emerged in 2022 and is believed to have links to Russia. It has frequently targeted hospitals, manufacturing companies, and other critical sectors.
Qilin has been one of the most active ransomware groups in 2025, having listed approximately 1,253 victims since 2023, according to Cybernews’s Ransomlooker tool.
In November 2025, the group claimed responsibility for attacking Habib Bank AG Zurich, asserting that it had stolen over 2.5 TB of data containing nearly 2 million files.
In October, Qilin announced an alliance with two other major Russia‑linked groups, LockBit and DragonForce, a partnership that experts believe could increase the sophistication and volume of attacks through resource sharing.
Around the same time, Qilin claimed to have stolen data from MedImpact, a major U.S. pharmacy benefit manager, and targeted Volkswagen Group France, both of which appeared on the group’s leak site. Earlier in 2025, in April, Qilin carried out a high‑profile ransomware attack on SK Telecom, claiming to have extracted 1 TB of data.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
