Critical Unverified

PNSB Insurance Brokers Hit by Qilin (May 2026)

Unverified dark web claim. This report is based on a post observed on a dark web forum. Yazoul Security has not independently verified the authenticity of this claim.

Leak Site Screenshot

Leak site post claiming PNSB Insurance Brokers Sdn Bhd data breach

Screenshot captured at time of discovery. Image blurred to protect victim PII.


Claim Summary

On May 17, 2026, the Qilin ransomware group added PNSB Insurance Brokers Sdn Bhd (www.pnsbinsbroker.com.my) to its dark web leak site. The threat actor alleges it has compromised the Malaysian financial services firm and exfiltrated data, though no specific data samples or volume details have been provided. This claim remains unverified by Yazoul Security.

PNSB Insurance Brokers is a Malaysian insurance brokerage operating in the financial services sector. The group’s posting includes a countdown timer, suggesting a deadline for ransom negotiation or data publication.

Threat Actor Profile

Qilin (also tracked as Agenda) is a ransomware-as-a-service (RaaS) operation first observed in mid-2022. The group is known for targeting organizations across multiple sectors, with a particular focus on financial services, healthcare, and manufacturing. Their operational tempo has been inconsistent, with periods of high activity followed by relative quiet.

Known tools and tactics associated with Qilin include:

  • Credential theft: Mimikatz for extracting credentials from memory
  • Defense evasion: EDRSandBlast for bypassing endpoint detection, PCHunter and PowerTool for disabling security software
  • Reconnaissance: Nmap and Nping for network scanning
  • Exfiltration: EasyUpload.io and MEGA for data staging and transfer

Qilin typically employs double extortion: encrypting systems while exfiltrating sensitive data. The group has historically been credible in its claims, though it has occasionally exaggerated victim counts or data volumes. Without public research or a known victim count, assessing their current operational credibility is difficult. The lack of data samples in this case may indicate a recent compromise or a tactic to pressure PNSB before full disclosure.

Alleged Data Exposure

According to the leak site, Qilin claims to have accessed PNSB Insurance Brokers’ network and exfiltrated data. However, no specific data categories, file types, or volume metrics have been disclosed. The group has not released any samples to substantiate its claims.

This absence of evidence is notable. Ransomware groups often release small data samples to prove compromise and increase pressure. The lack of such samples may suggest:

  • The attack is in early stages
  • Qilin is bluffing or exaggerating
  • Negotiations are ongoing and data has not yet been weaponized

Yazoul Security cannot confirm the existence or scope of any data breach at this time.

Potential Impact

If the claim is validated, PNSB Insurance Brokers faces several risks:

  • Regulatory exposure: As a Malaysian financial services entity, PNSB may fall under Bank Negara Malaysia’s cybersecurity guidelines and the Personal Data Protection Act (PDPA) 2010. A confirmed breach could trigger regulatory penalties and mandatory notifications.
  • Client data compromise: Insurance brokers handle sensitive personal and financial information, including policyholder details, claims history, and payment data. Exposure could lead to identity theft, fraud, and reputational damage.
  • Operational disruption: Ransomware encryption could disrupt internal systems, policy management, and client communications.
  • Supply chain risk: PNSB’s partners and reinsurers may face secondary exposure if shared data was compromised.

What to Watch For

  • Leak site updates: Monitor Qilin’s leak site for any data samples or countdown changes. Publication of client data would significantly escalate the threat.
  • Client communications: PNSB should proactively notify stakeholders if a breach is confirmed. Delayed disclosure can worsen regulatory and reputational consequences.
  • Indicators of compromise (IOCs): Yazoul Security recommends monitoring for Qilin-associated tools (Mimikatz, EDRSandBlast, Nmap) in network logs. No YARA rules are currently available for this specific campaign.
  • Third-party verification: Engage forensic investigators to assess network intrusion evidence. The group’s claim should be treated as unverified until independent confirmation.
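
The IOC monitoring recommended above can be prototyped as a small log triage script. This is an added example, not Yazoul Security's code: the log format, host names and sample lines are constructed, and the executable-name patterns and the mega.nz / mega.io hostnames are assumptions layered on the tool and service names listed in this report.

```python
import re
from collections import defaultdict

# Tool names come from this report; the name patterns themselves are assumptions.
TOOL_PATTERNS = {
    "credential_theft": re.compile(r"mimikatz", re.I),
    "defense_evasion": re.compile(r"edrsandblast|pchunter|powertool", re.I),
    "reconnaissance": re.compile(r"\b(nmap|nping)(\.exe)?\b", re.I),
}
# Services named in this report; mega.nz / mega.io are assumed hostnames for MEGA.
EXFIL_DOMAINS = ("easyupload.io", "mega.nz", "mega.io")

# Constructed sample events (hypothetical key=value format, not real telemetry).
SAMPLE_LOGS = """\
proc host=FIN-WS07 image=C:\\Users\\Public\\nmap.exe cmd="nmap -sn 10.0.4.0/24"
proc host=FIN-WS07 image=C:\\Temp\\m.exe cmd="m.exe" desc=mimikatz
proxy host=FIN-WS07 dest=upload.easyupload.io bytes_out=734003200
proc host=HR-WS02 image=C:\\Windows\\System32\\notepad.exe cmd="notepad.exe"
proxy host=HR-WS02 dest=notmega.nz.example.com bytes_out=1200
proxy host=OPS-SRV1 dest=g.api.mega.nz bytes_out=52428800
"""

def parse(line):
    """Split 'kind key=value ...' into (kind, dict), honouring quoted values."""
    kind, _, rest = line.partition(" ")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', rest)
    return kind, {k: v.strip('"') for k, v in pairs}

def triage(text):
    """Return {host: sorted tactic categories} for every host with a hit."""
    hits = defaultdict(set)
    for line in text.splitlines():
        kind, f = parse(line)
        host = f.get("host", "unknown")
        if kind == "proc":
            # Include the file description so a renamed binary is still caught.
            haystack = " ".join(f.get(k, "") for k in ("image", "cmd", "desc"))
            for category, pattern in TOOL_PATTERNS.items():
                if pattern.search(haystack):
                    hits[host].add(category)
        elif kind == "proxy":
            dest = f.get("dest", "").lower().rstrip(".")
            # Match the domain or its subdomains only, not lookalike hosts.
            if any(dest == d or dest.endswith("." + d) for d in EXFIL_DOMAINS):
                hits[host].add("exfiltration")
    return {host: sorted(cats) for host, cats in hits.items()}

def multi_stage_hosts(result, minimum=2):
    """Hosts showing several tactic categories deserve review first."""
    return sorted(h for h, cats in result.items() if len(cats) >= minimum)
```

Name-based matches are weak signals on their own, since the same scanners and file-sharing services see legitimate use; correlating several categories on one host, as multi_stage_hosts does, is what makes a hit worth escalating.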

For ongoing threat intelligence on Qilin and other ransomware groups, visit Yazoul Security’s intel section at /intel/.

Disclaimer

This report is based solely on unverified claims published by the Qilin ransomware group on a dark web leak site. Yazoul Security has not independently confirmed any data breach, system compromise, or data exfiltration involving PNSB Insurance Brokers Sdn Bhd. Ransomware groups routinely exaggerate or fabricate claims to pressure victims. All information herein should be treated as preliminary and subject to verification. No PII, credentials, download links, or access methods are included. Organizations should consult legal counsel before taking action based on these claims.
