AIS Thailand Cyber Attack Claimed By Desorden Hackers


The hacker group Desorden has claimed responsibility for a data breach on a prominent mobile operator in Thailand.

While AIS Thailand, the country’s largest telecommunications service provider, has not officially confirmed the AIS Thailand cyber attack, Desorden asserts that they successfully exfiltrated 198GB of data.

AIS Thailand Cyber Attack by Desorden

AIS Thailand cyber attack
Hacker Forum message by Desorden (Photo: Falcon Feeds/ Twitter)

Desorden is a Spanish term meaning disorder or confusion. The hacker group announced the AIS Thailand cyber attack and wrote, “We take responsibilities for the hack and data breach of ADVANCED INFO SERVICE (AIS) PUBLIC COMPANY LTD (ais.co.th, a mobile telecommunication and internet service company in Thailand.)”

They detailed the profile of the company by writing, “ADVANCED INFO SERVICE (AIS) PUBLIC COMPANY LTD is a publicly listed company on the Thailand stock exchange.”

AIS Thailand Cyber Attack Claimed By Desorden Hackers

Desorden conducted the AIS Thailand cyber attack in August. They breached the AIS PBX server systems and exfiltrated databases and client information.

They claimed the following data from the AIS Thailand data breach –

  1. Voice recording wav files
  2. 2 million incoming call records
  3. 1 million outgoing call records of their corporate clients

The named corporate clients whose data was accessed by the Desorden group included Asian Property, Loreal, SC Assets, DHL, Lazada, SCG, Unilever, Singer Thai, Jaymart, and Central Group among others.

Desorden also placed samples of the said data hacked during the AIS Thailand cyber attack. Threat Intelligence platform Falcon Feeds tweeted the above screenshot from the hacker forum with blurred sample data.

They also posted on Twitter that AIS had experienced a data breach in 2020. However, this claim has not been officially verified.

1000 Thai Phone Numbers Employed for Scamming

In a 2022 report by The Nation, Advanced Info Service disclosed that more than 1,000 of its phone numbers were exploited by scammers for fraudulent activities and theft.

In response, the telecommunications company introduced the AIS Spam Report Center hotline, reachable at 1185, for reporting such incidents.

“Since then, AIS subscribers have reported many suspicious calls and messages, and the center has tracked more than 1,000 numbers to the alleged scammers,” The Nation report read.

“The bureau’s chief Pol Lt-General Kornchai Klaiklueng said this AIS initiative has prompted other private firms to cooperate with police to fight against call-centre scammers,” the report added.

Ever since, Thailand AIS participated in several cyber projects such as the Aunjai Cyber project which showed short informative videos to people explaining cyber threats and methods to prevent cyber attacks.

“The latest campaign, which runs under the theme of “Wisdom to Survive”, is aimed at providing people with more guards against the various challenges posed by cyberthreats,” a report by Bangkok Post read.

The short videos were styled around comedy and horror themes showing characters that were exposed to cybercrimes.

Cyber Attacks by Desorden

AIS Thailand cyber attack
Sample of stolen photos by Desorden (Photo: Data Breaches)

In a previous incident, Desorden managed to pilfer Know Your Customer (KYC) information from approximately 70,000 customers of The Icon Group in Thailand during 2022.

Furthermore, in 2021, the website of Centara Hotels & Resorts in Thailand fell victim to two separate hacking incidents orchestrated by Desorden, resulting in the theft of 400GB of files containing personal customer data within a mere ten-day period.

Desorden also hacked Acer India and Taiwan in 2021. Desorden hacked Acer twice in one week which led to the compromise of user data in India.

Acer spokesperson made their stance clear to Desorden in a statement saying, “We are not going to negotiate and it is not company policy to pay ransom to hackers.”

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.





Source link