daixin attacks ISTA International GmbH

Incident Date:

August 9, 2022

World map

Overview

Title

daixin attacks ISTA International GmbH

Victim

ISTA International GmbH

Attacker

Daixin

Location

Schanzenhof, Germany

Gladbeck, Germany

First Reported

August 9, 2022

ISTA International GmbH Suffers Ransomware Attack by Daixin Team

ISTA International GmbH, an international institute based in Vienna, Austria, has been targeted by the ransomware group Daixin Team. The attack was announced on the group's dark web leak site, claiming to have encrypted thousands of servers at the company. ISTA International operates in the Energy, Utilities & Waste sector and is known for its research and development in the field of science and technology.

The company's website, provides information about their services and projects, including research collaborations with various universities and institutions. ISTA International's size and industry position make it a valuable target for cybercriminals, as the Energy, Utilities & Waste sector is often targeted due to the sensitive nature of the data and systems involved.

The vulnerabilities that led to ISTA International being targeted by Daixin Team are not explicitly mentioned in the available sources. However, it is known that the company was affected by a ransomware attack in November 2022, which resulted in the leak of personal data belonging to five million unique passengers and all of its employees from AirAsia, a Malaysian low-cost airline. This suggests that ISTA International may have had insufficient security measures in place, allowing the attackers to gain access to their systems and data.

In response to the attack, ISTA International took its systems offline to mitigate the damage and prevent further data breaches. The company's immediate communication about the incident is commended by cybersecurity experts, indicating that they have a robust incident response plan in place.

The Daixin Team has been active in the cybercrime landscape, targeting various industries, including healthcare and finance. The group has been the subject of advisories from U.S. cybersecurity and intelligence agencies, warning of their attacks on organizations worldwide.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.