Exclusive: Marketing and merchandise firm Branded Products listed by Qilin ransomware

Neither Qilin nor the affiliate behind the hacking claim has shared the amount of data allegedly stolen, its composition, or a ransom demand or deadline.

Branded Products is one of seven companies listed by the group on 24 May, and it has not responded to Cyber Daily’s request for comment.

Who is Qilin?

Qilin has become a frequently covered threat actor by Cyber Daily in 2026, targeting a total of 12 Australian victims over the first six months of the year.

The group operates under a ransomware-as-a-service model, with its inner circle taking a cut of any ransoms paid to its affiliates.

Since it first emerged in 2022, the group has claimed 1,862 victims, and it is currently the most active ransomware actor, by volume of recent attacks, today.

VIEW ALL

However, the group’s tactics – and its threats to publish victim data – have seemed inconsistent over recent months. While some victims – for instance, Australian point-of-sale IT firm Bluize, which was hacked this month – have had their data published, others, dating back as far as March and earlier this year, appear to have been forgotten, with no data published but with their leak posts still visible.

This may suggest that different affiliates employ different extortion tactics, or are merely displaying different levels of technical competence. Regardless, whether a victim’s data will end up online appears to be a matter of rolling the dice for now.

Who is Branded Products?

Headquartered in the Melbourne suburb of Cranbourne West, Branded Products has offices in NSW, Western Australia, South Australia, Queensland, Tasmania, the Northern Territory, and New Zealand.

The company also has a pair of procurement teams in China. Its products include bags, drinkware, sports apparel, IT gear, and power banks, among others.

Branded Products clients include the NSW government, the Department of Foreign Affairs and Trade, Melbourne Avalon Airport, and Specsavers.