Intelligence Advisory
zerotolerance.me

EgyptAir: FunkSec Ransomware Targets National Carrier

Dec 2024 · Aviation sector

Publication Date: 2024-12-01
Category: Ransomware
Author: K. Ellabban
Organization: Zero|Tolerance Security Research

In December 2024, the AI-assisted ransomware group FunkSec claimed a breach of EgyptAir, Egypt's flag carrier airline. FunkSec, notable for its integration of AI tools into malware development and operational workflows, listed stolen data, including passenger manifests, employee records, and operational documents, on its dark web leak site. EgyptAir carries millions of passengers annually and holds extensive PII, including passport numbers, travel itineraries, payment details, and frequent flyer records.

Executive Summary

KEY FACTS

  • What: FunkSec AI-assisted ransomware group attacked Egypt's flag carrier airline.
  • Who: EgyptAir passengers, employees, and Star Alliance partner operations.
  • Data Exposed: Passenger manifests, passport numbers, employee records, and payment data.
  • Outcome: Data listed on FunkSec dark web leak site; no public penalty disclosed.

Impact Assessment

WHAT WAS EXPOSED

  • Passenger Name Records (PNRs) containing full names, passport numbers, nationalities, travel itineraries
  • Frequent flyer program data including membership tiers, accumulated miles, travel history
  • Employee records including personnel files, salary information, national IDs
  • Payment card data and billing records from ticket purchases
  • Operational documents including flight operations data, crew scheduling, maintenance records
  • Cargo manifests and freight documentation containing shipper and consignee details

FunkSec represents a new generation of ransomware operators leveraging AI to accelerate operations. The group uses AI-assisted code development for ransomware payloads, AI-generated victim communication, and automated reconnaissance. PNR data reveals travel patterns, associations, and destination preferences that intelligence services consider among the most valuable categories of structured personal data.

References

SOURCES

Check Point Research, Cybernews, Dark Reading, Security Affairs