Daixin Team Claims Responsibility Of AirAsia Ransomware Attack

The cyber attacks on AirAsia happened on November 11th and 12th when samples of the stolen personal data were found leaked to the dark web approximately a week later.

Daixin Team Claims Responsibility Of AirAsia Ransomware Attack

Last month, a ransomware attack compromised the personal data of approximately five million passengers and all AirAsia employees. Although it has been more than a month since the initial attacks, Malaysian authorities are still investigating the source and the overall impact but have gathered few leads so far. Shortly after the cyber attacks, a hacker group known as the Daixin Team claimed responsibility.

The cyber attacks happened on November 11th and 12th when samples of the stolen personal data were found leaked to the dark web approximately a week later. The posted samples contained varying degrees of sensitive information, such as employees’ personal data, passenger booking information, and even photos, to name a few.

The China-based hacker group has been a primary focus of a joint Cybersecurity Advisory between the US Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services following ransomware attacks aimed at US healthcare organizations.

To add insult to injury, the cybercriminal gang announced that they would not want to launch another attack on AirAsia due to how ‘sloppy’ its internal organization and management appeared. The Daixin Team also alleged that breaching AirAsia was too easy given how weak the airline’s network security and protection was, and the cybercriminal group was disappointed at the lack of a challenge.

Despite the slight insult to the low-cost carrier, the Daixin Team still demanded a ransom, albeit the ransom amount was never fully disclosed. Making true to their threats, the hacker group sent AirAsia samples of the stolen personal data but added that they stopped short of stealing air traffic control-related and other sensitive airline applications that could cause physical harm.

The airline did respond to the attack and has been fully engaged with the Daixin Team via chat, and has continuously rejected any attempts to negotiate the ransom amount, highlighting its non-intentions to pay any amount. Additionally, the budget carrier has since addressed the cybersecurity incident and emphasized that the cyberattack was on redundant systems that did not affect its critical systems, saying: “The Company has since taken all measures to resolve this data incident and prevent future incidents immediately.”

Investigation teams from the Personal Data Protection Department and Cybersecurity Malaysia have also been deployed since the attack, and they started their probe by having discussions with Capital A on December 1st. Following these discussions, Capital A was tasked to produce documentation and evidence related to the attack to assist in the probe.

So far, early investigations showed that the cyberattack was caused by unpermitted access into the airline’s system. But other than that, the probe is yet to uncover any fresher leads to identify the actual source of the attack or to understand how big of an impact the cyberattack had on the airline’s systems and those affected.

Regardless of who was responsible for the cyberattack and how it could have happened, such an attack further emphasizes the need for all data users, such as AirAsia, to consistently strengthen their network security and protection. Malaysia’s Communications and Digital Minister, Fahmi Fadzil, highlighted the following: “I hope data users will continue to outline cybersecurity policies and ensure these moves are followed as preventive measures against potential intrusions by irresponsible parties.”

Originally published at Simple Flying