25 Nov 2022 | Asia Cyber Summary

In the spotlight this week:

• AirAsia Hacked–5 Million Passengers' and Employees' Data Stolen
• Cyber Mercenary Group Bahamut Strikes Again Via Trojan Android VPN Apps
• Healthcare Institute in Delhi Hit By Ransomware Attack
• Ducktail Hackers Employ Use of WhatsApp to Phish for Facebook Ad Accounts
• Bitcoin Will Become ‘Less Important’ for Cybercrime Payments
  ‍

AirAsia Hacked–5 Million Passengers' and Employees' Data Stolen

AirAsia Group has been hit by a ransomware attack by the Daixin hacking group earlier this month. AirAsia is a Malaysian multinational low-cost airline headquartered near Kuala Lumpur, Malaysia. As a result, personal information of AirAsia’s 5 million unique passengers as well as employees were found to be compromised. According to a representative from Daixin, AirAsia’s network was ‘chaotic’ and did not have any ‘established standards’. In addition to leaking the passenger and employee data on their dedicated leak site, the group plans to make information about the network — “including backdoors” — available privately and freely on hacker forums.

‍

Cyber Mercenary Group Bahamut Strikes Again Via Trojan Android VPN Apps

Cyber security researchers have recently discovered a malicious spyware campaign, targeting Android users. The campaign uses trojan Android VPN apps to steal data from messaging apps such as WhatsApp, Messenger, Signal, Viber, and Telegram. ​​These spyware apps are disseminated via malicious versions of SecureVPN, SoftVPN, and OpenVPN softwares. The campaign, run by Bahamut APT – a group that specializes in cyberespionage, usually through spear phishing messages and fake applications, targets entities and individuals in the Middle East and South Asia since 2016.

‍

Healthcare Institute in Delhi Hit By Ransomware Attack

A premiere healthcare institute in Delhi–All India Institute of Medical Sciences (AIIMS) was hit by a massive ransomware attack on its servers on Wednesday, with all patient services rendered inoperable since 7am. The cyber attack follows AIIMS’ announcement that it aims to achieve complete digitalization of all hospital services from April 2023. Officials have said that measures are being taken to restore all digital services and that support is being sought from the Indian Computer Emergency Response Team (CERT-In) and the National Informatics Centre (NIC).

‍

Ducktail Hackers Employ Use of WhatsApp to Phish for Facebook Ad Accounts

A cyber criminal operation tracked as ‘Ducktail’ has been hijacking Facebook Business accounts, which has resulted in losses of up to USD 600, 000 in advertising credits. The group has been observed in the past utilizing malware to steal Facebook-related data and hijack associated business accounts in order to run their own adverts that the victim pays for. Believed to be the work of a threat actor based in Vietnam, Ducktail would deliver info-stealing malware through LinkedIn, luring the target into launching a malicious file with a name related to brands, products, and product planning - typical keywords relevant to the victim.

‍

Bitcoin Will Become ‘Less Important’ for Cybercrime Payments

Cyber security researchers have reported that ransomware negotiations and payments may soon come to rely less on Bitcoin as a means of payment due to improvements in technology that detect the flow and sources of Bitcoin in addition to increased sanctions and market regulation. Instead cyber criminals will look towards other forms of payment such as privacy coins like Monero and Zcash. These currencies have fundamental differences in their underlying technology intended to improve privacy.