Daixin Ransomware Gang Abandons Hack of AirAsia due to Airline’s ‘Chaotic Network Standards’

Filip TRUȚĂ

November 22, 2022

The threat actors behind the Daixin ransomware operation have reportedly abandoned attempts to extort AirAsia due to the chaotic configuration of the low-cost airline’s internal network. The hackers say the airline’s incompetence actually spared it additional attacks.

AirAsia, headquartered near Kuala Lumpur, is the largest airline in Malaysia by fleet size and destinations, operating scheduled domestic and international flights to over 165 destinations across 25 countries.

Data on all staff and 5 million passengers in hackers’ hands

As reported by Databreaches.net, the airline recently fell victim to a ransomware attack by the Daixin Team, with the hackers stealing information of AirAsia’s entire staff and personal data of 5 million passengers.

In an exchange with the blog, a Daixin spokesperson said the victim company “asked in great detail how we would delete their data in case of payment.” The airline then reportedly abandoned communications, refusing to negotiate with the hackers, presumably because of Daixin’s high ransom demands.

Daixin later leaked samples of the stolen data on the dark web, including names, dates of birth, medical record numbers, patient account numbers, Social Security Numbers (SSNs), and other personal and medical information. The data belonging to AirAsia’s employees reportedly also includes the secret questions and answers for password resets.

The leak, as shown in a screenshot published by The Hacker News (embedded below), instructs potential buyers to use the data to conduct fraud and phishing attacks, take out loans in the victims’ names, obtain a driver’s license with a different photo, and even give false information to police during an arrest.

Credit: thehackernews.com

Lax security standards, chaotic network

The Daixin spokesperson clarified that the crew abandoned further attacks on AirAsia’s network due to the airline’s incredibly poor security standards and the chaotic organization of its IT infrastructure.

“The chaotic organization of the network, the absence of any standards, caused the irritation of the group and a complete unwillingness to repeat the attack,” the spokesperson for Daixin Team said. “The group refused to pick through the garbage for a long time. As our pentester said, ‘Let the newcomers sort this trash, they have a lot of time.’”

Asked if AirAsia’s poor organization spared the airline from more attacks, the spokesperson responded:

“Yes, it helped them. The internal network was configured without any rules and as a result worked very poorly. It seemed that every new system administrator ‘built his shed next to the old building.’ At the same time, the network protection was very, very weak.”

Besides leaking the passenger and employee data, the group plans to disclose vulnerabilities in the network, including ‘backdoors’ – presumably planted by the Daixin gang itself.

Daixin Team on the FBI’s radar

The Daixin hackers were the subject of a recent security advisory by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS). They described the group as a cybercrime organization actively targeting US entities, with a notable focus on the healthcare and public health (HPH) sector via ransomware and data extortion operations.

The October hack of CommonSpirit Health, which reportedly led to medication errors and delayed life-saving cancer surgery, is said to have been conducted by the Daixin crew. CommonSpirit is believed to have acceded to the attackers’ monetary demands in a bid to protect patients’ lives, privacy and security.
