Cyber Incident Victim: Malaysia Airlines
Date: Jan 2015
Location: Malaysia
Summary
The Malaysia Airlines website was defaced by hackers claiming affiliation with both the 'Lizard Squad' and 'Cyber Caliphate,' displaying an image of a lizard and messages including "404 - Plane Not Found"—a reference to the missing MH370 flight—alongside pro-Islamic State phrases. The group, previously known for disrupting Sony PlayStation and Xbox Live networks, altered the airline's homepage to feature their branding and rhetoric, though the motive remained unclear. The incident occurred amid heightened Malaysian security concerns over domestic support for extremist groups, following recent arrests of individuals suspected of sympathizing with or attempting to join the Islamic State.
Description
On January 26, 2015, Malaysia Airlines’ website was compromised by hackers identifying themselves as ‘Lizard Squad’ and claiming affiliation with the ‘Cyber Caliphate,’ a term associated with support for the Islamic State (IS) extremist group. The attackers replaced the airline’s homepage with an image of a lizard wearing a tuxedo and superimposed text declaring, ‘Hacked by LIZARD SQUAD - OFFICIAL CYBER CALIPHATE.’ A prominent headline on the defaced page read ‘404 - Plane Not Found,’ a direct allusion to Malaysia Airlines Flight MH370, which disappeared in March 2014 with 239 passengers and crew. Regional variations of the hack reportedly included the phrase ‘ISIS will prevail,’ further emphasizing the attackers’ alignment with IS ideologies. The website remained inaccessible in its original form for an unspecified period, disrupting normal operations. Lizard Squad, known for prior disruptive cyber activities such as denial-of-service attacks on Sony’s PlayStation Network and Microsoft’s Xbox Live in late 2014, publicly claimed responsibility. Malaysia Airlines did not issue an immediate public statement or acknowledge the incident in response to media inquiries at the time of reporting.

The incident highlighted emerging concerns about cyber threats linked to extremist groups, as IS had expressed ambitions to wage cyber warfare against Western targets and utilized online platforms for recruitment. While no specific motive for targeting Malaysia Airlines was confirmed, the hack coincided with heightened Malaysian domestic security tensions. Malaysian authorities had recently detained 120 individuals suspected of supporting IS or planning travel to conflict zones in Syria and Iraq, reflecting broader anxieties about the group’s influence in the country. The defacement’s reference to MH370 exploited global awareness of the unresolved aviation disaster, amplifying the psychological impact of the attack. No data theft, financial losses, or secondary disruptions to flight operations were reported in connection with the breach. The airline’s recovery timeline and technical remediation steps were not disclosed in available reporting. Cybersecurity analysts noted the attack’s symbolic nature, leveraging high-profile branding (Lizard Squad) and geopolitical themes to maximize visibility rather than pursuing direct financial or infrastructural damage.
