MALAYSIA AIRPORTS HOLDINGS BERHAD Part 1 of data taken !!!
MALAYSIA AIRPORTS HOLDINGS BERHAD Part 1 of data taken !!!
Group: qilin
Discovered by ransomware.live: 2025-05-01
Estimated attack date: 2025-05-01
Country:
Description:
Our team managed to breach and encrypt Malaysia Airport Holdings Berhad's network, further read as MAHB. The network was completely encrypted excluding flight control systems and over 2TB of data leaked from there. It was a complex IT o ...
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 132
Compromised Users: 277
Third Party Employee Credentials: 54
External Attack Surface: 120
Infostealer Distribution
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- domreg firstonline.com.my
MX Records
- alt3.aspmx.l.google.com.
- alt1.aspmx.l.google.com.
- alt4.aspmx.l.google.com.
- aspmx.l.google.com.
- alt2.aspmx.l.google.com.
TXT Records
- v=spf1 +a +mx ip4:101.78.24.9 ip4:101.78.24.16 ip4:101.78.20.242 ip4:219.93.7.2 ip4:219.93.7.3 ip4:219.93.7.5 ip4:219.93.7.34 ip4:219.93.7.35 ip4:121.121.255.130 include:spf.protection.outlook.com include:_spf.google.com include:_spf-dc10.sapsf.com ~" "all
- google-site-verification=1DDyQWpwkzc5gZ7dkPKowc8-8sF_uFMVY74bL82Pjm8
- google-site-verification=CFfooCMyB-8j8rRHvoBRYt_vPxYKcwXYd4mqtlS0G8k
- v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DRyWFEsDRpXbRybOtnagXFjz6WvYlsozDgyNj4CezgVsflqqdf845E6KFA+BOpc7Pl2GrcLH+JRanqNQziUJ0suSDCmKbo39vXyIbqKIFWfHUMtDBgs/vstxeQ15ityYMKi1fY3BZ+Gvts6ColWj6VOwN1HEh50L1G12dmb3QnnNvcrwAQ5AW9i70S/" "tWfajgV4eHYzutzGjFusZWgrc3Z7igmC5ijkNCZckYkpbHlNWBOpqSAWBrnUDQSdxfmNZI/q8wqYgMwrmHQ6cA6rUiXFl9hgjcMw0vwJ8wQnN1NnkedKbm0gLkHVry3/qXHrDxaMgtl80T73xr9R00+9wwIDAQAB
- MS=ms55950863
- successfactors-site-verification=MWY0NDgyYmZkNWQzMTljMGQ0ZjRhOGI0NzNhYzdlZjlhNmVjNDFkY2RlMWRmMDM0NzA4ZDI3ODUzYjM0MzE4MA==
- zoho-verification=zb70838450.zmverify.zoho.com
Cloud / SaaS Services Detected
Microsoft 365
Zoho Campaigns
Leak Screenshot:
