2 Remove Virus

Notorious Qilin ransomware gang claims attack on US electric cooperative

A ransomware group known as Qilin has claimed responsibility for breaching a US electric cooperative, raising concerns about potential cyber risks facing power infrastructure operators. The group listed the Tennessee Valley Electric Cooperative (TVEC) as a victim on its dark web leak site, a platform used by ransomware gangs to pressure organizations during extortion campaigns.

TVEC is based in Savannah, Tennessee, and provides electricity to customers in Wayne and Hardin counties in West Tennessee through approximately 2,000 miles of power distribution lines. The cooperative is also a member of the Tennessee Valley Authority public power network, a federally owned utility that supplies electricity across the Tennessee Valley region.

The ransomware group has not published samples of any stolen data linked to the alleged breach. Listing a company on a leak site without releasing evidence is a tactic often used by ransomware operators to initiate negotiations with victims. In many cases, attackers later publish small samples of data if the organization does not respond to ransom demands.

At the time of the report, it remained unclear whether any data had been exfiltrated or whether the cooperative’s operational systems had been affected. The company had not confirmed the cyber incident publicly, and details about the scope of the alleged intrusion had not been disclosed.

Security researchers noted that ransomware groups frequently target organizations connected to critical infrastructure because of the potential pressure such incidents can place on victims. If attackers obtain internal documents or operational information, the exposure of such material could reveal how internal systems function or provide details useful for future cyberattacks.

Qilin is a ransomware group that first appeared in 2022 and has since conducted attacks against organizations in multiple sectors. The group operates a data leak site on the dark web where it publishes the names of companies it claims to have breached. According to monitoring by cybersecurity researchers, the gang has listed more than 1,400 victims since 2023.

In recent months, Qilin has been linked to attacks against organizations in aviation, finance, manufacturing, and energy-related sectors. The group previously claimed responsibility for incidents involving companies such as Malaysia Airlines and several electric utilities in North America.

Ransomware attacks against energy infrastructure have drawn increasing attention from security researchers and government agencies because of the potential impact on essential services. Electric cooperatives and regional utilities often operate large distribution networks that supply power to thousands of households and businesses.

For now, the alleged breach involving TVEC remains unverified. Investigators and security researchers continue to monitor the ransomware group’s leak site and communications for additional information about the claim and any potential release of data.