DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

AirAsia’s parent company told to supply documents; government probes Daixin ransomware attack

Posted on December 10, 2022 by Dissent

John Bunyan reports:

The Ministry of Communications and Digital has ordered Capital A, the parent of AirAsia, to submit supporting documents and data for the investigation into the breach of the airline’s networks that exposed the personal information of millions of passengers and staff.

Communications and Digital Minister Fahmi Fadzil said the security breach affecting AirAsia customers and employees in three countries including Malaysia was being treated seriously.

Read more at MalayMail.

As regular readers of DataBreaches will remember, Daixin Team had claimed responsibility for that attack. In an email exchange with DataBreaches, they claimed they had attacked AirAsia on November 11 and 12. In addition to locking their files and servers and deleting their backups, they had reportedly exfiltrated data on 5 million passengers and employees. Those data were subsequently dumped on Daixin’s dedicated leak site.

AirAsia had never responded to DataBreaches’ inquiries, but The Star reported AirAsia’s statement that “the cyberattack was on redundant systems and did not affect our critical systems.” AirAsia also stated it had “taken all measures to immediately resolve this data incident and prevent such future incidents.”

The reason critical systems were not affected may have had something to do with what Daixin told DataBreaches prior to any publication about the breach — that they had intentionally and carefully avoided locking “XEN, RHEL – hosts of flying equipment (radars, air traffic control and such).” Were critical systems spared by good security, luck, or just the grace of Daixin? The government’s investigation will hopefully consider that to determine if the attackers could have impacted critical systems.

But perhaps the most striking part of the email exchange between Daixin and DataBreaches was Daixin’s commentary about AirAsia’s network security. They described it as so disorganized and chaotic that Daixin members balked at attacking the airline or continuing the attack:

The chaotic organization of the network, the absence of any standards, caused the irritation of the group and a complete unwillingness to repeat the attack.

… The group refused to pick through the garbage for a long time. As our pentester said, “Let the newcomers sort this trash, they have a lot of time.”

When DataBreaches asked whether AirAsia’s reportedly chaotic security had perhaps prevented further attacks and damage, Daixin agreed:

Yes, it helped them. The internal network was configured without any rules and as a result worked very poorly. It seemed that every new system administrator “built his shed next to the old building.” At the same time, the network protection was very, very weak.

In addition to what Daixin has already claimed to have done, Daixin shared with DataBreaches their intended plans for AirAsia.  In light of the Malaysian government’s investigation into the incident, DataBreaches has reached out to Daixin to ask whether they ever took other actions that they had indicated they would be taking such as making the “information about the network — ‘including backdoors’ —  available privately and freely on hacker forums.”

No reply was immediately available, but DataBreaches will update this post if a response is received.

 

Related posts:

  • AirAsia victim of ransomware attack, passenger and employee data acquired
  • OakBend Medical Center hit by ransomware; Daixin Team claims responsibility
  • Another hospital hit by ransomware: Columbus Regional Healthcare System in North Carolina hit by Daixin
  • Exclusive: Daixin Team claims responsibility for attacks affecting Canadian hospitals, starts leaking data
Category: Breach IncidentsCommentaries and AnalysesMalware

Post navigation

← Au: 130,000 Telstra customers exposed in data leak
Morgan County School District Re-3 canceled classes on Friday in wake of cybersecurity incident →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ShinyHunters and team members arrested in France (1)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches
  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach
  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.