Dubai government suffers alleged ransomware attack


The ultra-luxurious city of Dubai has allegedly been hit by ransomware according to the latest dark blog post by the cybercriminal group known as the Daixin Team.

The ransomware group posted the municipality on its leak site Wednesday, claiming to have exfiltrated “60-80GB of scans and pdf files” from the Government of Dubai’s network systems.

The Government of Dubai represents one of the most populated (and richest) cities in the United Arab Emirates (UAE), with over three million residents. It is also the capital of the Emirate of Dubai and one of the ‘seven constituent monarchies’ in the Arab nation.

According to Daixin’s post, the stolen cache is chock full of ID cards, passports, and other PII (personally identifiable information), although the gang noted that the file lists (33712 files) had not been “fully analyzed” or "dumped" onto the leak site.

Daixin Dubai government ransomware attack

What makes this data heist concerning is that the city, known as a playground for exceptionally wealthy foreigners, boasts the highest concentration of resident millionaires worldwide at 72,500, according to The National.

“Dubai is home to 212 centi-millionaires (people with a net worth of $100 million or more in investable assets) and 15 billionaires,” the news outlet reported.

What’s more, over 75% of the city's residents are expatriates, providing a treasure trove of sensitive personal data that can put Dubaiians at risk of targeted spear phishing attacks, vishing attacks, identity theft, and more.

The parameters of the stolen databases appear to contain information about the city’s business records, hotel records, land owners, HR employees, corporate contacts, and more.

For example, in addition to driver's licenses and passports, the databases appear to store massive amounts of personal data, including full name, date of birth, nationality, marital status, job descriptions, supervisor name, housing status, phone numbers, addresses, vehicle information, primary contacts, and a person’s language preference.

Daixin Dubai database

Who is the Daixin Team?

Most well known for its attacks on the healthcare sector, a 2022 report by the US Cybersecurity and Infrastructure Security Agency (CISA) states that the Daixin Team is a Russian-speaking ransomware and data extortion group in operations since at least June 2022.

Although not as active as other ransomware cartels, Daixin has since branched out to extort other industry sectors, most likely using evolved hacking techniques and methods as well.

Most of its targets are located in the US. Besides successfully hacking AirAsia back in 2022, more recent victims include Omni Hotels and Resorts and the North Texas Municipal Water utility.

The gang is said to commonly “gain initial access to victims through virtual private network (VPN) servers,” taking advantage of legacy VPNs without multi-factor authentication enabled or by gaining VPN login credentials through phishing email attacks.

Daixin is also known to publish any stolen information if the victim refuses to pay its ransom demand, the CISA advisory states.

Cybernews has reached out to The Government of Dubai for comment and is awaiting a response.


More from Cybernews:

Ransomware attack chaos at London hospitals blamed on Qilin gang

Boeing Starliner’s first crewed space flight safe in orbit

Ukraine knocks out Russian services in 'large-scale' DDoS attack

The kebab you ordered is leaking your data

AI mortgage startup LoanSnap, which raised $100 million, faces lawsuits

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked