GhostSec hackers have claimed responsibility for a cyber attack on TAP Air Portugal, revealing that they exfiltrated 350GB of data and demanding a ransom to prevent the information from being released. Falcon Feeds, a threat intelligence service, tweeted about the alleged ransomware attack on the airline and also shared information about a previous cyber attack by the Ragnar Locker ransomware group. However, the authenticity of these claims has not yet been verified.
This is not the first time that TAP Air Portugal has fallen victim to a cyber attack. In August 2022, the airline disclosed that it had been targeted by the Ragnar Locker ransomware group, who claimed to have exfiltrated over 1.5 million customers’ data.
Following the alleged security breach, the TAP Air Portugal website remained accessible. The Cyber Express has reached out to the airline for confirmation and will update this report accordingly.
In a post, the GhostSec group mocked TAP Air Portugal, referring to the incident as “A Race for Data” and accusing the airline of corruption. The group called upon potential buyers of the 350GB of allegedly stolen data to pay a ransom of 250K. Two BTC wallets were provided, one for the TAP Air Portugal team to pay the ransom and the other for anyone interested in purchasing the stolen data. The hackers gave the airline a week to pay the ransom, threatening to leak the data if the second BTC wallet reached $5,000. They also offered to sell the data to buyers for 140,000.
Ransomware attacks have been increasingly targeting government websites, and Anonymous Cambodia recently carried out a string of cyber attacks. The group targeted the website of the Thailand Ministry of Foreign Affairs and claimed responsibility for cyber attacks on other Thai government websites. The hackers behind these attacks, much like the Anonymous Sudan group, are known for launching DDoS attacks that disrupt services for a few hours. Both groups engage in hacktivism, targeting governments as a form of protest.
Anonymous Cambodia previously targeted the National Election Committee (NEC) in retaliation for the Vietnamese government allegedly creating duplicate voters for elections. A member of the group explained that their hacking activities in Cambodia aim to create awareness and attract other hackers to join their cause.
It is important to note that this report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.