AirAsia Group recently fell victim to a ransomware attack by Daixin Team. The threat actors claimed that they obtained the personal data of 5 million unique passengers and all employees.
Daixin Team provided a few files to AirAsia Group. One file contained information on named passengers. The next file contained employee information with numerous fields that include PII of customers.
The attackers had avoided locking “XEN, RHEL – hosts of flying equipment (radars, air traffic control and such).” That statement is consistent with Daixin Team’s earlier statements that they avoid encrypting or destroying anything if the result could be life-threatening.
The poor organization of AirAsia Group’s network spared the company further attacks. Although Daixin Team allegedly encrypted a lot of resources and deleted backups, they say that they did not really do as much as they normally might do:
The chaotic organization of the network, the absence of any standards, caused the irritation of the group and a complete unwillingness to repeat the attack.
The internal network was configured without any rules and as a result worked very poorly. It seemed that every new system administrator “built his shed next to the old building.” At the same time, the network protection was very weak.
In addition to leaking the passenger and employee data on their dedicated leak site, Daixin Team plans to make information about the network, “including backdoors,” available privately and freely on hacker forums.
AirAsia Group is not the only Malaysian air carrier to suffer a breach. Malaysia Airlines disclosed data security incidents in both 2020 and 2021.