Ransomware victim disclosure
← All victimsUtair
Claimed by Malas · listed 3 years ago
Status timeline
- ListedApr 9, 2023
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileUtair (UTair Aviation) is a major Russian airline headquartered in Surgut, Russia, operating scheduled and charter passenger flights across domestic and international routes. The carrier also provides helicopter services and serves corporate and group clients. It is one of the largest airlines in Russia by passenger volume.
- Industry
- Passenger Air Transportation
- Employees
- 5001-10000
- Founded
- 1967
Attack summary
Severity: high — Confirmed data exfiltration (disclosed status: data_published) from a major airline exploiting a known Zimbra vulnerability, which typically exposes email contents, credentials, and potentially passenger PII at scale; operational disruption to critical transportation infrastructure is also plausible.The Malas ransomware group claims to have compromised Utair's systems by exploiting a Zimbra vulnerability, resulting in data being published. The post indicates data exfiltration occurred, though the specific volume or categories of data published have not been detailed in the available excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Email server data (via Zimbra)
- Corporate communications
- Employee records (likely)
- Passenger booking data (potentially)
What the group claims
using Zimbra vulnerability
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

