GhostSec hackers have taken responsibility for the TAP Air Portugal cyber attack, claiming to exfiltrate 350GB of data. They have further demanded a ransom to prevent the release of the information.
Threat intelligence service Falcon Feeds tweeted about the alleged TAP Air Portugal ransomware attack. They also shared details about a previous cyber attack on the airline by the Ragnar Locker ransomware group.
However, the authenticity of these claims is yet to be verified.
An cyber attack on Tap Air Portugal was disclosed in August 2022. Ragnar Locker ransomware group claimed to have exfiltrated over 1.5 million customer’s data then.
The website of TAP Air Portugal was accessible after the alleged security breach. The Cyber Express has reached out to the airlines to seek confirmation about the TAP Air Portugal cyber attack. We will update this report based on their response.
What GhostSec posted about the TAP Air Portugal cyber attack
In a post, the GhostSec group mocked the airline calling the incident, “A Race for Data”. It further stated that the airline was corrupt. “Haha your recent activity and corruption hasn’t gone unnoticed therefore to add onto all this pressure you (TAP) will be competing in our little race…,” the post read.
The group called upon buyers of the 350GB data allegedly exfiltrated from the TAP Air Portugal cyber attack.
The post threatened the authorities of TAP Air Portugal to pay a ransom of 250K. They made two BTC wallets available, one for the TAP Air Portugal team to pay the ransom and the other for anyone willing to pay for the stolen data from the TAP Air Portugal security breach.
The hacker collective has given the TAP Air Portugal Team a week’s time from the time of posting to pay the ransom. Moreover, the group threatened that if the second BTC wallet got up to $5,000, they would leak all the exfiltrated data from the TAP Air Portugal ransomware attack.
Furthermore, the hacker collective made another offer to buyers of the data that if they paid 140,000, the data will be entrusted to them.
Ransomware attacks have taken a toll on government websites, and in a recent string of cyber by Anonymous Cambodia speaks the same.
The hackers launched cyber attacks on the website of the Thailand Ministry of Foreign Affairs. They also claimed cyber attacks on other government websites of Thailand, Falcon Feeds tweeted.
Going by the tweet and other reports, the group launches DDoS attacks much like the Anonymous Sudan group which disrupts services for a few hours.
This group along with Anonymous Sudan is also known to launch cyber attacks against the government in the name of hacktivism.
In a previous incident, the hackers from Anonymous Cambodia targeted the National Election Committee (NEC) disrupting the website for nearly 12 hours.
This was done by the group in retaliation for the Vietnamese government creating duplicate voters for elections, according to reports.
Speaking about the group’s hacking activities, a member of the group said, “We have an ongoing operation in Cambodia to not just create new blood hackers, but to let others out there know about us. There are not many Anonymous hackers in Cambodia, but I’m sure there are a lot of other hackers out there,” as posted on The Phnom Penh Post.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
