
Daixin Team Hackers Leak Data of 5 Million AirAsia Passengers and Employees


Earlier this month, on November 11 and 12, AirAsia Group fell victim to a ransomware attack carried out by a cybercrime group known as Daixin Team.


Daixin Team Attack against AirAsia: What Happened?

According to online reports, the Daixin cybercriminals obtained information that belongs to 5 million unique passengers and all company employees. The threat actors shared two .csv files with DataBreaches researchers. The same files were also shared with AirAsia. What was in the files?

“One file contained information on named passengers. The second file contained employee information with numerous fields that included name, date of birth, country of birth, location, date employment started, their “secret question,” “answer,” and salt,” DataBreaches said. The criminals also uploaded the samples to their leak site, which revealed passenger information, booking IDs, and employee personal data.

What is most striking about the attack is that Daixin Team’s spokesperson told DataBreaches they didn’t pursue further attacks against AirAsia due to the company’s poor security and bad network organization:

Somewhat surprisingly, Daixin’s spokesperson stated that poor organization on AirAsia Group’s network spared the company further attacks. Although Daixin Team allegedly encrypted a lot of resources and deleted backups, they say that they did not really do as much as they normally might do.

The criminals also told the researchers that they not only planned to leak passenger and employee data to their dedicated servers but also “make information about the network available privately and freely on hacker forums.”

It is noteworthy that Daixin Team had previously announced that they avoid compromising data that could lead to life-threatening results. In the case of AirAsia, the team didn’t encrypt “XEN, RHEL – hosts of flying equipment (radars, air traffic control and such).” The hackers also disclaimed any responsibility for future negative impact.

Other companies compromised by the Daixin Team group include Fitzgibbon Hospital, Trib Total Media, International GmbH, and OakBend Medical.

In April 2022, several gigabytes of information stolen from US industrial giant Parker Hannifin were leaked by the Conti ransomware group. The cybercrime collective published more than 5 Gb of archive files containing documents stolen from Parker. Curiously, the Conti website claimed that only 3% of the stolen data had been leaked.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
