Between April 22–23, 2026, multiple reporting outlets tracked active Qilin ransomware campaigns targeting two distinct sectors: Schweitzer Engineering Laboratories (SEL)—a major manufacturer of power systems protection and control equipment—and B&E Juice, a food and beverage operation. The threat actors published claims of data exposure via DeXpose, their public leak platform, indicating a dual-extortion model: encryption plus threatened data release.
Why this matters: SEL equipment operates in critical infrastructure environments—substations, power plants, and industrial control networks. A breach of SEL's systems or intellectual property could provide threat actors reconnaissance data, technical documentation, or customer network information valuable for downstream targeting of utilities and grid operators. The simultaneous targeting of a food producer suggests Qilin is running parallel campaigns across critical infrastructure and essential services sectors, widening their attack surface.
Qilin has maintained operational tempo and public visibility through leak site postings, indicating the group continues active extortion operations. The rapid media amplification (16 signal detections within 19 hours) suggests broad detection and reporting of the incident, though specific technical indicators—compromise vectors, dwell time, data volume—remain unclear from available sources.
What to watch: Monitor for downstream impacts affecting utilities that depend on SEL equipment or services. Track whether Qilin releases technical documentation that could enable follow-on attacks against power systems. Observe if affected organizations issue patches or security advisories that hint at vulnerability exploitation methods. Continued dual-extortion campaigns like this indicate threat actors are confident in their ability to monetize both ransomware deployment and data sales, reducing pressure to negotiate with victims.
