DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

AirAsia’s parent company told to supply documents; government probes Daixin ransomware attack

Posted on December 10, 2022 by Dissent

John Bunyan reports:

The Ministry of Communications and Digital has ordered Capital A, the parent of AirAsia, to submit supporting documents and data for the investigation into the breach of the airline’s networks that exposed the personal information of millions of passengers and staff.

Communications and Digital Minister Fahmi Fadzil said the security breach affecting AirAsia customers and employees in three countries including Malaysia was being treated seriously.

Read more at MalayMail.

As regular readers of DataBreaches will remember, Daixin Team had claimed responsibility for that attack. In an email exchange with DataBreaches, they claimed they had attacked AirAsia on November 11 and 12. In addition to locking their files and servers and deleting their backups, they had reportedly exfiltrated data on 5 million passengers and employees. Those data were subsequently dumped on Daixin’s dedicated leak site.

AirAsia had never responded to DataBreaches’ inquiries, but The Star reported AirAsia’s statement that “the cyberattack was on redundant systems and did not affect our critical systems.” AirAsia also stated it had “taken all measures to immediately resolve this data incident and prevent such future incidents.”

The reason critical systems were not affected may have had something to do with what Daixin told DataBreaches prior to any publication about the breach — that they had intentionally and carefully avoided locking “XEN, RHEL – hosts of flying equipment (radars, air traffic control and such).” Were critical systems spared by good security, luck, or just the grace of Daixin? The government’s investigation will hopefully consider that to determine if the attackers could have impacted critical systems.

But perhaps the most striking part of the email exchange between Daixin and DataBreaches was Daixin’s commentary about AirAsia’s network security. They described it as so disorganized and chaotic that Daixin members balked at attacking the airline or continuing the attack:

The chaotic organization of the network, the absence of any standards, caused the irritation of the group and a complete unwillingness to repeat the attack.

… The group refused to pick through the garbage for a long time. As our pentester said, “Let the newcomers sort this trash, they have a lot of time.”

When DataBreaches asked whether AirAsia’s reportedly chaotic security had perhaps prevented further attacks and damage, Daixin agreed:

Yes, it helped them. The internal network was configured without any rules and as a result worked very poorly. It seemed that every new system administrator “built his shed next to the old building.” At the same time, the network protection was very, very weak.

In addition to what Daixin has already claimed to have done, Daixin shared with DataBreaches their intended plans for AirAsia.  In light of the Malaysian government’s investigation into the incident, DataBreaches has reached out to Daixin to ask whether they ever took other actions that they had indicated they would be taking such as making the “information about the network — ‘including backdoors’ —  available privately and freely on hacker forums.”

No reply was immediately available, but DataBreaches will update this post if a response is received.

 

Category: Breach IncidentsCommentaries and AnalysesMalware

Post navigation

← Au: 130,000 Telstra customers exposed in data leak
Morgan County School District Re-3 canceled classes on Friday in wake of cybersecurity incident →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.