Qilin Ransomware Group Targets German Political Party Die Linke

The German political party Die Linke reported a ransomware attack on March 27, 2026. The party's federal managing director, Janis Ehling, attributed the incident to the Qilin ransomware group. The party detected anomalies in its IT infrastructure on Thursday and took its systems offline to stop the malware from spreading further.

The compromised data includes:

• Internal infrastructure files
• Internal party documents
• General administrative data

The party claims that its central member database was not impacted by the breach. The number of affected individuals is not disclosed.

Die Linke filed a criminal complaint and is working with independent security experts and national authorities. The party remains in close contact with the Federal Office for Information Security (BSI) to assess the full scope of the damage. This incident marks the third major cyberattack on a German political party, following a zero-day exploit against the CDU in 2024 and a 2023 breach of the SPD.

Update - as of 3rd of April 2026, Die Linke confirmed the attack: “According to current findings, the attackers aim to publish sensitive data from the internal areas of the party organization as well as personal information of employees at the party headquarters... It is currently unclear whether and to what extent this has succeeded or has already occurred. However, such a risk exists.”
The party still maintains that its membership database wasn’t impacted.