Daixin Ransomware Attack on Dubai Municipality: Data Breach and Vulnerabilities

Incident Date: Jun 05, 2024

Attack Overview

VICTIM: Dubai Municipality (UAE)
INDUSTRY: Government
LOCATION: United Arab Emirates
ATTACKER: Daixin
FIRST REPORTED: June 5, 2024

Daixin Ransomware Attack on Dubai Municipality

Overview of Dubai Municipality

Founded in 1954, Dubai Municipality is the oldest government entity in Dubai. It employs over 15,000 individuals across 32 organizational units, providing more than 150 services related to urban planning, waste management, public health, and sustainability. The municipality is a key driver of growth and development in Dubai, ensuring the city's infrastructure and public services meet high standards.

Details of the Ransomware Attack

The Daixin Team, a notorious ransomware group, has claimed responsibility for a cyberattack on Dubai Municipality. The group announced on its dark web leak site that it had exfiltrated between 60 and 80 GB of data, including ID cards, passports, and other personally identifiable information (PII). The stolen data reportedly includes 33,712 files, although the full extent of the breach is still under analysis.

Potential Impact and Vulnerabilities

Given Dubai Municipality's extensive database, which includes sensitive information about residents, expatriates, and businesses, it is a lucrative target for cybercriminals. The stolen data could lead to targeted spear phishing attacks, identity theft, and other malicious activities. The municipality's role in urban planning, public health, and infrastructure development means that any disruption could have significant repercussions for the city.

About the Daixin Team

Known for executing dual ransomware attacks, the Daixin Team deploys two different ransomware variants in quick succession to increase pressure on victims. They have previously collaborated with other ransomware groups like LockBit. Their sophisticated techniques, such as abusing Windows APIs and process injection, make them particularly challenging to defend against.

Possible Penetration Methods

Although the exact method of penetration in this attack is not confirmed, the Daixin Team likely exploited vulnerabilities in Dubai Municipality's network. Common tactics include phishing attacks, exploiting unpatched software vulnerabilities, and leveraging weak authentication mechanisms. The group's ability to evade detection and encrypt files without keys further complicates recovery efforts.
