Multiple reports from the cybersecurity world have noted that AirAsia may have become the latest victim of the Daixin ransomware group. The attack apparently took place over a period of two days earlier this month and has resulted in the leakage of personal data belonging to 5 million unique passengers as well as all of the group’s employees.
The Daixin Team was the subject of a recent joint Cybersecurity Advisory by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS). The advisory said that the ransomware group has been actively targeting U.S. businesses for the past few months, especially in the healthcare and public health sector.
Hence, it is rather interesting to see that AirAsia has suddenly appeared in the group’s crosshair. According to an interview with Dissent Doe of DataBreaches.net, AirAsia actually responded to Daixin when the group reached out to the company.
The ransomware group did not reveal the amount that it demanded from AirAsia or whether the multinational aviation company has paid any of the ransom. Given that Daixin has informed DataBreaches that it will release AirAsia’s data, including backdoor information, into the wild, we believe it is likely that no payment has been made.
The interview also noted one rather intriguing aspect of the attack: the disorganization of its network may have spared AirAsia from further damage. According to Daixin’s representative, the network is rather chaotic and didn’t appear to follow any set standard, much to the irritation of the attackers, who then decided not to proceed further.
That being said, Daixin also said that AirAsia’s network protection was very weak, which is rather alarming for such a huge aviation group. We are now reaching out to AirAsia to obtain further clarification and will keep you updated once we hear more from the company.
(Thanks for the tips, @quchenkoo!)