Daixin Ransomware Attack on Dubai Municipality: Data Breach and Vulnerabilities

Incident Date:

June 5, 2024

Overview

Victim

Dubai Municipality (UAE)

Attacker

Daixin

Location

Dubai, United Arab Emirates

First Reported

June 5, 2024

Daixin Ransomware Attack on Dubai Municipality

Overview of Dubai Municipality

Founded in 1954, Dubai Municipality is the oldest government entity in Dubai. It employs over 15,000 individuals across 32 organizational units, providing more than 150 services related to urban planning, waste management, public health, and sustainability. The municipality is a key driver of growth and development in Dubai, ensuring the city's infrastructure and public services meet high standards.

Details of the Ransomware Attack

The Daixin Team, a notorious ransomware group, has claimed responsibility for a cyberattack on Dubai Municipality. The group announced on its dark web leak site that it had exfiltrated between 60 and 80 GB of data, including ID cards, passports, and other personally identifiable information (PII). The stolen data reportedly includes 33,712 files, although the full extent of the breach is still under analysis.

Potential Impact and Vulnerabilities

Dubai Municipality's extensive database, which includes sensitive information about residents, expatriates, and businesses, makes it a lucrative target for cybercriminals. The stolen data could lead to targeted spear phishing attacks, identity theft, and other malicious activities. The municipality's role in urban planning, public health, and infrastructure development means that any disruption could have significant repercussions for the city.

About the Daixin Team

Known for executing dual ransomware attacks, the Daixin Team deploys two different ransomware variants in quick succession to increase pressure on victims. They have previously collaborated with other ransomware groups like LockBit. Their sophisticated techniques, such as abusing Windows APIs and process injection, make them particularly challenging to defend against.

Possible Penetration Methods

Although the exact method of penetration in this attack is not confirmed, the Daixin Team likely exploited vulnerabilities in Dubai Municipality's network. Common tactics include phishing attacks, exploiting unpatched software vulnerabilities, and leveraging weak authentication mechanisms. The group's ability to evade detection and encrypt files without keys further complicates recovery efforts.
