The cyber-group Qilin, which is reported to have ties to Russia, announced the breach of two Texas energy cooperatives — San Bernard Electric Cooperative and Karnes Electric Cooperative. The hackers published financial and personnel files on their darknet website, posing a threat to U.S. critical infrastructure. Qilin posted samples of stolen files on its site, including incident reports containing full names and contact details of employees, budget documents, insurance contracts, invoices and service contracts for power line maintenance.
The data allegedly belonging to San Bernard Electric Cooperative include information about the company’s operations, such as annual financial reports and land-lease agreements for transmission line rights-of-way. In the archive tied to Karnes Electric Cooperative, researchers from Cybernews found lists of board directors, their addresses, phone numbers, as well as profit and loss balances.
Security experts have not yet confirmed the authenticity of all the data, but they warn that even partial disclosure constitutes a real threat to the companies’ reputations and could be used in targeted phishing campaigns or for social engineering.
The group Qilin emerged on the hacking scene in 2021–2022 and quickly became one of the most active players among ransomware operators. In the past 12 months alone the group has claimed more than 580 attacks, outpacing rivals such as Cl0p, Play, INC Ransom and Akira.
Among its most notable strikes are breaches of SK Telecom in South Korea, Asahi Holdings in Japan, and Nissan Creative Box, where 4 TB of design files were exfiltrated. Additionally, Qilin was behind a cyberattack on a British NHS partner — Synnovis Laboratories — which led to the cancellation of more than 10,000 operations and medical procedures.
Recently Qilin joined forces with other well-known hacker groups — LockBit and DragonForce — forming a coalition that experts call a new global threat to cybersecurity.
The breaches of Texas energy companies are a warning to all operators of critical infrastructure who continue to underestimate cyber risk. Even regional cooperatives with relatively small budgets remain attractive targets for international criminal groups. Analysts warn that new hacker alliances, including Qilin and LockBit, could lead to an increase in attacks on the energy and industrial sectors in 2025–2026.
