HQ/EMEAFind out how we can help your business
The Qilin ransomware group has taken credit for the cyberattack on Kuala Lumpur International Airport (KLIA) last month. The assertion from the group was made earlier this week, but the airport has not confirmed it.
Reports stated that the disruption began on March 23, 2025, affecting flight information displays, check-in counters, and baggage handling. Staff were forced to post departure times on dry-erase boards manually.
Moreover, airport officials reported they declined a $10 million ransom demand but did not identify the attacker. The alleged ransomware group claims to have stolen 2 TB of data during the incident.
As of now, it remains unclear if personal data was compromised or how the attackers accessed the airport’s network. The airport has yet to disclose further details or comments about the cybersecurity issue.
On March 23, 2025, Malaysia Airports identified a cybersecurity threat impacting specific KL International Airport (KLIA) systems. This discovery was stated in a joint statement from Malaysia’s airport and national cybersecurity authorities.
An extensive investigation was promptly initiated to evaluate the incident’s nature and scope, and relevant authorities, including NACSA and the Civil Aviation Authority Malaysia (CAAM), were quickly informed.
Qilin ransomware group’s attack on KLIA is its first campaign against the transportation industry.
The Qilin ransomware group’s latest campaign against KLIA marks its first malicious activity targeting the transportation sector.
This group began taking credit for attacks on its website in late 2022. Also recognised as Agenda, Qilin operates out of Russia and primarily targets victims via phishing emails to distribute ransomware.
Established in August 2022, the group offers a ransomware-as-a-service model, allowing affiliates to pay for access to Qilin’s malware to execute attacks and secure ransoms.
Furthermore, it has claimed responsibility for another 156 unverified attacks in 2025, claims that the affected organisations have yet to acknowledge. Six of these were directed at entities in the transportation sector.
KLIA is Malaysia’s largest airport, situated in the capital city. According to external sources, it handles over 47 million passengers and 800,000 flights annually. It serves as the primary hub for airlines such as AirAsia and Malaysia Airlines; hence, the attack caused massive disruptions to its daily operations.
