Moen, a top luxury faucet brand found in millions of homes and sold in thousands of home improvement stores across the US, is claimed by the Qilin ransomware gang.
The leading kitchen and bathroom fixture manufacturer first appeared on Qilin's dark leak blog on Thursday, joining five other victims, all posted on the cybercriminal group’s onion site that same day.
Listed as North America’s number one faucet brand, Moen is the most recognizable name among the victims, also offering smart home fixtures, plumbing, and water filtration systems.
Qilin has not revealed the amount of data it may have exfiltrated from Moen’s networks, nor has it offered up any samples of stolen data, which are often posted alongside a victim’s entry.
This is a common ransomware tactic used by many gangs – often intended to taunt and pressure its victims into quickly forking over a ransom demand, thus avoiding any reputational damage.
Qilin and the like, will often give their victims a brief period of time to make contact with the group and begin engaging in ransomware negotiations before posting stolen data samples.
This is likely why none of companies listed on January 15th show document samples posted with their entries.
Founded in 1956 by Alfred M. Moen, the company has about 2,400 employees worldwide and an annual revenue of approximately $1 billion, according to a company profile by Cleveland Magazine published last January. Moen offers thousands of residential and commercial products, from kitchen and bathroom faucets to sinks, showerheads, spa accessories, and even bidets.
Moen is currently in the process of restructuring and moving its headquarters from Ohio to the Chicago area, joining its parent company Fortune Brands Innovations – whose Fortune 500 portfolio is made up of over a dozen luxury and smart home brands, including House of Rohl, Aqualisa, and Master Lock.
Cybernews has reached out to Moen and awaiting a response at the time of this report.
Qilin: Most active gang of 2025
The Russian-linked Qilin group was first identified by researchers in 2022 and has aggressively outperformed its ransomware rivals over the years, becoming the most active gang in 2025.
According to Cybernews' in-house surveillance tool, Ransomlooker, the gang listed over 1,000 victims in 2025 – and already kicked off the first two weeks of 2026 by claiming another 50+ victims.
On January 8th, the group claimed responsibility for the Italian-owned diving gear manufacturer Cressi, a globally recognized scuba brand.
Qilin is said to primarily target manufacturers, finance companies, retailers, healthcare providers, and government agencies, according to a Comparitec profile on the group.
Closing out December, the group targeted the controversial cult-like religion Scientology, as well as Argentina’s Club Atlético River Plate, the nation’s largest sports and football club, and home to the most successful professional football team in the nation.
Known for using a ransomware-as-a-service (RaaS) business model, the cybercriminal group often employs double extortion, demanding a ransom for decryption and then a second payout to guarantee the stolen files will not be leaked.
Recently allied with the notorious Russia-linked gang LockBit and DragonForce, other high-profile victims in 2025 include the digital gaming and casino powerhouse International Game Technology (IGT), the Switzerland-based international Habib Bank AG Zurich, and Japan's largest beer producer, Asahi Holdings.
Additionally, Qilin has claimed responsibility for attacks last year on Nissan Japan's design arm, Creative Box; the US pharmaceutical research conglomerate Inotiv; Korea’s energy and manufacturing giant SK Group; and the US newspaper conglomerate Lee Enterprises.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked