Cyber Incident Victim: Biman Bangladesh Airlines
Date: Mar 2023
Location: Bangladesh
Summary
A ransomware attack compromised Biman Bangladesh Airlines' email servers, cutting off access to them, and the attackers threatened to publish passengers' flight details, passport data, and employees' personal information unless a $5 million ransom was paid. Senior officials denied negotiating with the hackers or confirming a ransom demand, though internal documents contradicted these claims. Despite the breach, the national carrier's operations continued unaffected. Investigators found that the airline had failed to implement security guidelines that are mandatory for designated critical infrastructure, potentially leaving vulnerabilities exposed. The hackers used "Zero Day Attack" malware, and the airline's public claim that no data was leaked was contested by subsequent hacker messages. Authorities initiated recovery efforts and legal procedures, including filing a police report, while cybersecurity experts suggested possible insider collaboration.
Description
On March 17, 2023, Biman Bangladesh Airlines experienced a ransomware attack when hackers infiltrated its email servers using “Zero Day Attack” malware, leaving a message with a yellow parallelogram-shaped logo. The next day, the attackers issued a ransom note demanding $5 million and threatening to publish 100GB of sensitive passenger and employee data, including flight details, passport information, and confidential records, if the ransom was not paid by an unspecified Monday deadline. Digital Security Agency officials confirmed the hackers intensified their threats on March 21 with a data leak ultimatum. The breach left Biman with a complete loss of email server access, though airline executives publicly downplayed operational disruptions. On March 22, the hackers directly contradicted Biman’s media statements in a message: “You say in the media that no information has been leaked. But you are wrong.” The airline formally acknowledged the ransomware infection in a March 23 press release but provided no restoration timeline.

A Digital Security Agency team visited Biman’s offices on March 21, issuing security guidelines for server recovery, though officials later noted Biman had entirely disregarded prior critical infrastructure protections mandated under the Digital Security Act since October 2022. State Minister for Civil Aviation Mahbub Ali denied ransom negotiations or data leaks during a March 27 press conference, while internal ministry sources disclosed ransom discussions and corroborated the $5 million demand. Biman CEO Shafiul Azim admitted undisclosed “deficiencies” might have enabled the attack but emphasized uninterrupted flight operations. Digital Security Agency Director Mohammed Aminul Ahesan confirmed investigators had not identified the intrusion’s root cause as of March 27, with server recovery still pending nine days post-attack. Legal provisions under the Digital Security Act stipulate up to life imprisonment and Tk5 crore fines for repeat infrastructure breaches, though no enforcement actions were reported during the incident’s initial response phase.
