Daixin Ransomware Gang Abandons Hack of AirAsia due to Airline’s ‘Chaotic Network Standards’

Filip TRUȚĂ

November 22, 2022

The threat actors behind the Daixin ransomware operation have reportedly abandoned attempts to extort AirAsia due to the chaotic configuration of the low-cost airline’s internal network. The hackers say the airline’s incompetence actually spared them additional attacks.

AirAsia, headquartered near Kuala Lumpur, is the largest airline in Malaysia by fleet size and destinations, operating scheduled domestic and international flights to over 165 destinations across 25 countries.

Data on all staff and 5 million passengers in hackers’ hands

As reported by Databreaches.net, the airline recently fell victim to a ransomware attack by the Daixin Team, with the hackers stealing information of AirAsia’s entire staff and personal data of 5 million passengers.

In an exchange with the blog, a Daixin spokesperson said the victim company “asked in great detail how we would delete their data in case of payment.” The airline then reportedly abandoned communications, refusing to negotiate with the hackers, presumably because of Daixin’s high ransom demands.

Daixin later leaked samples of the stolen data on the dark web, including names, dates of birth and other personal details. The data belonging to AirAsia’s employees reportedly also includes the secret questions and answers used for password resets, which are as good as a second password for anyone attempting an account takeover.

The leak post, as shown in a screenshot published by The Hacker News, instructs potential buyers to use the data to conduct fraud and phishing attacks, take out loans in the victims’ names, obtain a driver’s license with a different photo, and even give false information to police during an arrest.

[Screenshot of the Daixin leak post; credit: thehackernews.com]

Lax security standards, chaotic network

The Daixin spokesperson clarified that the crew abandoned further attacks on AirAsia’s network due to the airline’s incredibly poor security standards and the chaotic organization of its IT infrastructure.

“The chaotic organization of the network, the absence of any standards, caused the irritation of the group and a complete unwillingness to repeat the attack,” the spokesperson for Daixin Team said. “The group refused to pick through the garbage for a long time. As our pentester said, ‘Let the newcomers sort this trash, they have a lot of time.’”

Asked if AirAsia’s poor organization spared the airline from more attacks, the spokesperson responded:

“Yes, it helped them. The internal network was configured without any rules and as a result worked very poorly. It seemed that every new system administrator ‘built his shed next to the old building.’ At the same time, the network protection was very, very weak.”

Besides leaking the passenger and employee data, the group plans to disclose vulnerabilities in the network, including ‘backdoors’ – presumably planted by the Daixin gang itself.

Daixin Team on the FBI’s radar

The Daixin hackers were the subject of a recent security advisory by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS). They described the group as a cybercrime organization actively targeting US entities, with a notable focus on the healthcare and public health (HPH) sector via ransomware and data extortion operations.

The October hack of CommonSpirit Health, which reportedly led to medication errors and delayed life-saving cancer surgery, is said to have been conducted by the Daixin crew. CommonSpirit is believed to have acceded to the attackers’ monetary demands in a bid to protect patients’ lives, privacy and security.
