In a recent cyberattack targeting Malaysia Airports Holdings Berhad (MAHB), the nation’s digital infrastructure faced a significant threat. Hackers infiltrated the systems of Kuala Lumpur International Airport (KLIA) and demanded a ransom of $10 million. Prime Minister Datuk Seri Anwar Ibrahim promptly addressed the situation, emphasizing the government’s refusal to yield to such demands. “When I was informed about this… I did not wait five seconds. I said no,” Anwar stated firmly. “There is no way this country will be safe if its leaders and system allow us to bow to ultimatums by criminals and traitors, be it from inside or outside the country.” ([thesun.my](https://thesun.my/malaysia-news/pm-reveals-attack-on-mahb-digital-system-with-hackers-demanding-usd10-million-CO13848785?utm_source=openai))
The cyberattack, which occurred on March 23, 2025, specifically targeted the digital infrastructure of MAHB, the entity responsible for operating the country’s airports. The breach raised significant concerns about the vulnerabilities within Malaysia’s critical infrastructure cybersecurity frameworks. ([cybersecuritynews.com](https://cybersecuritynews.com/kuala-lumpur-airport-suffered-cyberattack/?utm_source=openai))
Former Malaysian MP Wee Choo Keong highlighted the severity of the incident, claiming that systems at KLIA were “down for more than 10 hours,” which forced airport personnel to revert to manual operations. Evidence posted on social media showed airport staff using whiteboards to manually display flight information, suggesting significant disruption to digital information systems. ([cybersecuritynews.com](https://cybersecuritynews.com/kuala-lumpur-airport-suffered-cyberattack/?utm_source=openai))
The incident bears the hallmarks of a ransomware attack, where threat actors deploy malicious code to encrypt system files, rendering them inaccessible until payment is received. However, no specific hacking group has claimed responsibility for the breach as of Wednesday. ([cybersecuritynews.com](https://cybersecuritynews.com/kuala-lumpur-airport-suffered-cyberattack/?utm_source=openai))
In response to the incident, MAHB and the National Cyber Security Agency (NACSA) launched a comprehensive investigation to assess the nature and extent of the breach. They also notified the Civil Aviation Authority of Malaysia (CAAM) about the security incident. NACSA Chief Executive Dr. Megat Zulhairy Megat Tajuddin has been actively monitoring the situation, while MAHB Managing Director Datuk Mohd Izani Ghani implemented emergency protocols to maintain operational continuity. “Technical and operational teams are actively monitoring the situation and implementing necessary measures to safeguard the infrastructure and ensure uninterrupted passenger experience,” Mohd Izani said in an official statement. ([thestar.com.my](https://www.thestar.com.my/news/nation/2025/03/25/klia-operations-not-affected-by-cyber-attack-says-nacsa-and-mahb?utm_source=openai))
Despite conflicting reports about operational impacts, cybersecurity experts suggest the attack likely exploited network vulnerabilities to compromise critical airport systems, including flight information displays, check-in terminals, and baggage handling processes. The incident has prompted calls for enhanced endpoint protection, network segmentation, and implementation of zero-trust architecture across Malaysia’s critical infrastructure. PM Anwar emphasized the need for increased budget allocations to strengthen the nation’s cyber defenses, particularly for essential services. ([cybersecuritynews.com](https://cybersecuritynews.com/kuala-lumpur-airport-suffered-cyberattack/?utm_source=openai))
This attack is not an isolated incident. In November 2024, AirAsia Group fell victim to a ransomware attack by the Daixin Team, compromising the personal data of five million passengers and all employees. The attack occurred on November 11 and 12, with the hacker group demanding a ransom. AirAsia responded to the attack but did not negotiate the ransom amount, indicating no intention to pay. ([theedgemalaysia.com](https://theedgemalaysia.com/article/airasia-hit-ransomware-attack-5-million-passenger-and-employee-data-compromised?utm_source=openai))
The Daixin Team, a ransomware and data extortion group operating since at least June 2024, has targeted businesses in the healthcare and public health sector in the US. They claimed responsibility for the AirAsia attack and criticized the airline’s internal organization and management, stating that breaching AirAsia was too easy due to weak network security and protection. ([simpleflying.com](https://simpleflying.com/malaysia-investigation-airasia-ransomware-attack/?utm_source=openai))
In response to the AirAsia attack, Malaysian authorities launched an investigation to find its source. Early findings showed that the cyberattack was caused by unauthorized access to the airline’s system, leading to the ransomware attack and a potential data leak. The investigation team from the Personal Data Protection Department and CyberSecurity Malaysia began its probe with discussions with Capital A Bhd, the company that runs AirAsia, on December 1. ([straitstimes.com](https://www.straitstimes.com/asia/se-asia/malaysia-conducts-probe-into-airasia-ransomware-attack-data-of-5-million-people-affected?utm_source=openai))
These incidents underscore the pressing need for robust cybersecurity measures within Malaysia’s critical infrastructure. The government’s firm stance against paying ransoms sets a precedent, but it also highlights the necessity for proactive strategies to prevent future attacks. Strengthening cybersecurity frameworks, investing in advanced threat detection systems, and fostering a culture of cyber awareness are essential steps toward safeguarding the nation’s digital assets.