J Group claims FAI Aviation Group hack: up to 3 TB of data, including medical information and employee documents

25.09.2025 2 minutes Author: Newsman

The cybercartel J Group has published a statement on a darknet blog claiming to have hacked FAI Aviation Group, a German charter operator for medical air transportation. The attackers claim to have obtained almost 3 TB of data, including patients' clinical information, internal documents and copies of passports. The Cybernews editorial team checked the attachment: it contained a file list of directory trees with the names of allegedly stolen folders and files. A response from the company is awaited.

According to J Group, the set included official correspondence, audit reports, project documentation, records of staff complaints, resumes (CVs), copies of passports, aircraft specifications, and data related to the company's air ambulance operations. A collection like this creates direct risks of identity theft and financial fraud (opening accounts in other people's names), and also increases the likelihood of social engineering: attackers can plausibly impersonate FAI or partner charter services.

Medical and biometric data are particularly dangerous: unlike passwords, they cannot be changed once exposed. Leaked internal audits could also point to weak processes that persistent threat actors can exploit in future intrusion attempts.

  • The air transport sector remains an attractive target: in recent months alone, major airlines in North America and Australia have been attacked. In this sector any downtime is costly, which puts pressure on victims in negotiations with attackers.

  • FAI Aviation Group: headquarters in Nuremberg, subsidiaries in Dubai and Bahrain, about 300 employees; areas of business: medical aviation, business jets, mission-critical.

  • J Group ransomware is a new player (seen in early 2025).

  • It operates like a cartel: in addition to the classic “encryption + blackmail by leaking” scheme, the group tries to sell data publicly, monetizing it even after negotiations fail. According to leak monitoring, the group has dozens of victims in various industries — from amusement parks to food logistics.

J Group’s statement, even without a full dump, already creates significant legal and reputational risks for FAI and its customers. The company should promptly:

  • notify potential victims and regulators,

  • activate a PII/PHI leak response plan,

  • deploy monitoring of possible targeted phishing campaigns,

  • offer victims credit monitoring/freeze and cyber hygiene instructions,

  • verify and strengthen access controls, network segmentation, and logging in sensitive environments.

For users and partners, the key is to stay alert to unusual requests, double-check communication channels, and minimize the exchange of unencrypted documents.
