[QILIN] – Ransomware Victim: MALAYSIA AIRPORTS HOLDINGS BERHAD Part 1 of data taken !!!

Ransomware Group: QILIN

VICTIM NAME: MALAYSIA AIRPORTS HOLDINGS BERHAD Part 1 of data taken !!!

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.


AI Generated Summary of the Ransomware Leak Page

The ransomware group targeted Malaysia Airports Holdings Berhad, a major transportation and logistics organization based in Malaysia. The attack occurred on May 1, 2025, with the threat actors managing to breach the organization’s network and encrypt its systems. Notably, the attack escalated to a leak of over 2TB of sensitive data, excluding critical flight control systems, which suggests a significant cybersecurity breach with potential operational impact. The leak exposes internal information, employee data, and various associated data sets. The publicly shared leak page includes a screenshot showing internal data, emphasizing the breach’s seriousness.

The group claims responsibility under the alias “qilin” and has provided a claim URL on a dark web marketplace for verification. They also published technical details about the information stolen, including the presence of multiple information-stealing tools such as Azorult, RedLine, and Lumma, indicating a sophisticated attack aimed at extracting valuable data from the victim. The victim’s website domain is malaysiaairports.com.my, and the attack specifically targeted the organization’s infrastructure, potentially impacting airport operations and related logistics. Additional technical metadata points to ongoing data exfiltration activities, with over 277 user accounts and multiple third-party entities involved.

The leak is accompanied by a detailed screenshot illustrating internal documents, further confirming the breach. While the organization’s full network was encrypted, flight control systems remained unaffected, likely to preserve critical aviation functions. The victim is based in Malaysia, with the activity focused on transportation and logistics, reflecting the attack’s potential to disrupt regional airport services. Such incidents highlight the importance of robust cybersecurity measures within critical infrastructure sectors and the ongoing threat of ransomware actors targeting high-value targets worldwide.

