Ransomware gang Qilin today claimed responsibility for a March 2025 cyber attack against the Kuala Lumpur International Airport in Malaysia.
The airport has not verified Qilin’s claim. The airport announced a cyberattack disrupted flight information displays, check-in counters, and baggage handling starting on March 23, 2025, forcing staff to write departure times on dry erase boards. Airport officials say they rejected a ransom demand of $10 million, but didn’t name the attacker.
Qilin says it stole 2 TB of data from Kuala Lumpur International Airport in the attack.
We do not yet know if any personal data was compromised or how attackers breached the airport’s network. Comparitech contacted the airport for comment and will update this article if it replies.
“A cybersecurity threat affecting certain computer systems at KL International Airport (KLIA) was detected by Malaysia Airports on 23 March 2025,” says a March 25 joint statement from Malaysia’s airport and national cybersecurity authorities. “A comprehensive investigation was immediately launched to assess the nature and extent of the incident. The relevant authorities were also swiftly notified, including NACSA and the Civil Aviation Authority Malaysia (CAAM).”
Who is Qilin?
Qilin is a ransomware group that began claiming responsibility for attacks on its website in late 2022. Also known as Agenda, Qilin is a Russia-based hacking group that mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.
Qilin has claimed responsibility for 60 confirmed ransomware attacks since 2022, 14 of which it claimed in 2025. It’s other recent attacks those against:
- Hospital Los Madroños (Spain)
- Groupe des Industries Métallurgiques (France)
- Western New Mexico University (USA)
The attack on KLIA is Qilin’s first confirmed attack on the transportation sector.
The group claimed another 156 unconfirmed attacks in 2025, which are claims that haven’t been acknowledged by the targeted organizations. Six of those claims were against organizations in the transportation sector.
Ransomware attacks against global transportation
Ransomware attacks can lock down computer systems and steal confidential data. For transportation businesses, these attacks can cause cancellations, delays, missed bookings and payments, data loss, and other disruptions. Infected organizations must either pay a ransom or face extended downtime, data loss, and putting data subjects at increased risk of fraud.
In 2025, Comparitech researchers logged eight confirmed ransomware attacks against organizations in the transportation sector, plus another 123 unconfirmed claims that haven’t been acknowledged by the targeted organizations.
Other recently confirmed targets include Regionale Verkehrsbetriebe Bad Wettingen in Switzerland, which says it didn’t pay a ransom to Play Ransomware, and two Japanese companies: Runtec and Kintetsu World Express.
About the Kuala Lumpur International Airport
KLIA is the largest airport in Malaysia, located in the country’s capital. The airport handles more than 47 million passengers and 800,000 flights per year, according to external sources. It’s the main hub for AirAsia, Malaysia Airlines, and other airlines.
Source link
-
-
-
-
-
-
-
-
