A Russia-linked ransomware gang has claimed responsibility for an attack on Cressi, a historic Italian diving equipment manufacturer, potentially signaling a data breach.
A Russia-linked ransomware gang, Qilin, claims to have targeted a legendary Italian diving gear brand, Cressi.
The ransom notice appeared on January 8th on the gang’s leak site on the dark web. The move is a common tactic in the ransomware playbook – threat actors list a victim on their leak site to threaten the victim and coerce it into paying ransom.
At this stage, it’s unclear what kind of data may have been accessed or exfiltrated.
So far, Qilin hasn’t published any data samples to back up its claims or set a countdown for dumping stolen data. Ransomware groups often hold back samples initially, using uncertainty to escalate their demands if negotiations fail.
Founded in Genoa in 1946, Cressi is an established part of diving culture. The family-owned company helped shape modern underwater sports, producing iconic gear like the Pinocchio mask, which made equalization possible.
The company also produced Rondine fins that became a staple for generations of divers. In 1970, Cressi pushed the industry forward again with the Equi-Vest, a futuristic buoyancy system that laid the groundwork for the modern buoyancy compensator.
Today, Cressi equipment is sold in more than 90 countries, making the company a globally recognized name among scuba divers, freedivers, snorkelers, and spearfishers alike.
Cybernews has reached out to the company to verify the cyberattack claims, but a response has yet to be received.
What is Qilin ransomware?
The Qilin gang was first identified in 2022. With links to Russia, the gang has been known to target hospitals and the manufacturing sector.
Qilin is one of the most active ransomware gangs in 2025. In total, the gang has listed roughly 1253 victims since 2023, according to Cybernews's Ransomlooker monitoring tool.
In November last year, Qilin listed Habib Bank AG Zurich, a Swiss-based bank, as a victim and claimed that it had stolen more than 2.5TB of data and nearly 2 million files.
In October, Qilin formed an alliance with the notorious Russia-linked gangs LockBit and DragonForce. Experts believe that the alliance between LockBit, Qilin, and DragonForce could lead to improved tactics and an increased volume of attacks through shared resources.
In the same month, Qilin claimed to have exfiltrated data from MedImpact, a large US pharmacy benefit manager. It also targeted Volkswagen Group France, a subsidiary of Volkswagen AG, which was posted on the Qilin ransomware group’s leak site.
Earlier in 2025, in April, the gang conducted an infamous ransomware attack on SK Telecom. The attackers claimed to have stolen 1TB of data.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked