Daikin Thailand Hit by Qilin Ransomware Exposing 838GB Data
Incident Date: November 1, 2024
Overview
Title: Daikin Thailand Hit by Qilin Ransomware Exposing 838GB Data
Victim: Daikin Thailand
Attacker: Qilin
Location:
First Reported: November 1, 2024
Daikin Thailand Falls Victim to Qilin Ransomware Attack
Daikin Industries (Thailand) Ltd., a key player in the air conditioning industry, has been targeted by the notorious Qilin ransomware group. The attack, discovered on November 4, 2024, resulted in the exfiltration of approximately 838GB of sensitive data. This incident highlights the vulnerabilities faced by large enterprises in the manufacturing sector.
About Daikin Thailand
Daikin Thailand, officially known as Daikin Industries (Thailand) Ltd., is a subsidiary of the global Daikin Group. Established in 2001, the company has grown to become a significant force in the Thai HVAC market. It operates from a substantial facility in Amata City, Chonburi, covering over 213,000 square meters. Daikin Thailand is renowned for its innovative air conditioning solutions, including energy-efficient and environmentally sustainable products. The company employs approximately 1,500 people and is a vital component of Daikin's global operations.
Attack Overview
The ransomware attack on Daikin Thailand was orchestrated by the Qilin group, also known as Agenda. The breach involved the theft of a significant amount of data, with the attackers providing a sample leak as evidence. The full extent of the compromised data remains unclear, raising concerns about potential impacts on Daikin's operations and customer data security. The attack underscores the risks faced by companies in the manufacturing sector, which are often targeted due to their critical infrastructure and valuable data.
Qilin Ransomware Group
Qilin, a Ransomware-as-a-Service (RaaS) group, emerged in 2022 and has since become a formidable threat. The group employs double extortion tactics, encrypting data and threatening to leak it unless a ransom is paid. Qilin's ransomware is highly customizable, allowing affiliates to tailor attacks to specific targets. The group is known for exploiting vulnerabilities in Citrix ADC, RDP, and VMware ESXi, which may have been used to penetrate Daikin's systems. Qilin's focus on large enterprises across various sectors, including manufacturing, highlights its strategic targeting of high-value victims.