Malaysian airline AirAsia suffered a ransomware attack that exposed the data of over 5 million customers. The details exposed in the attack included names, dates of birth, and country of birth, among others. As per reports, the Daixin team claimed responsibility for the breach.
Statement by Daixin group
The data-breach news site DataBreaches.net stated in one of its reports that the cybercrime group did not push the attack further because of the poor organization of AirAsia Group’s network. The Daixin gang confirmed the same, adding, “Yes, it helped them. The internal network was configured without any rules and as a result, worked very poorly. It seemed that every new system administrator built his shed next to the old building.” The group also alleged that the network protection employed by the low-cost airline headquartered in Kuala Lumpur was very weak.
The Daixin group stated that AirAsia did reply to the group’s ransom demand but did not try to negotiate the amount down. The group read this as a sign that the company did not intend to pay, since victims who plan to pay usually try to lower the amount. The airline instead asked for a sample of the collected data and for details of how the data would be deleted if the ransom were paid. Neither party disclosed the exact amount demanded for the exfiltrated data.
The group also claimed to hold data on 5 million unique passengers, which it shared with the airline in the form of .csv files. It sent two files to the company as proof, one with passenger details and the other with employee data. The group allegedly also stole data about AirAsia employees, including names, dates and country of birth, date of joining, location, secret question, answer to the secret question, and salt. A salt is a random per-record value that is combined with a secret (such as a password or a secret-question answer) before it is hashed, so that two records holding the same secret produce different hashes and an attacker cannot reuse precomputed hash tables across records. A leaked salt does not by itself reveal the secret, but an attacker who holds both the salt and the hash can still test guesses against that one record offline.
Moreover, the group stated that it deliberately did not tamper with the XEN or RHEL systems, since doing so would have affected flight surveillance functions such as radar and air traffic control. This was to avoid endangering lives, Daixin told DataBreaches.net. Daixin said it deleted backups and intends to leak the stolen data on its hacker forums. At the same time, the group disclaimed any responsibility for misuse of the leaked data.