The hacker group Desorden has claimed responsibility for a data breach on AIS Thailand, the country’s largest telecommunications service provider. Although AIS Thailand has not officially confirmed the cyber attack, Desorden asserts that they successfully exfiltrated 198GB of data.
Desorden, which means disorder or confusion in Spanish, announced the cyber attack on AIS Thailand and took responsibility for the hack and data breach of ADVANCED INFO SERVICE (AIS) PUBLIC COMPANY LTD, a mobile telecommunication and internet service company in Thailand. They also provided details about the company, stating that it is a publicly listed company on the Thailand stock exchange.
The cyber attack was conducted by Desorden in August, where they breached the AIS PBX server systems and exfiltrated databases and client information. The data accessed during the breach included voice recording WAV files, 2 million incoming call records, and 1 million outgoing call records of corporate clients. The named corporate clients whose data was accessed by the hackers included Asian Property, Loreal, SC Assets, DHL, Lazada, SCG, Unilever, Singer Thai, Jaymart, and Central Group.
Samples of the hacked data were posted by Desorden on a hacker forum, and Falcon Feeds, a Threat Intelligence platform, shared a screenshot of the forum with blurred sample data on Twitter. They also mentioned that AIS had experienced a data breach in 2020, although this claim has not been officially verified.
In a 2022 report by The Nation, it was disclosed that more than 1,000 phone numbers belonging to AIS were exploited by scammers for fraudulent activities and theft. In response, AIS introduced the AIS Spam Report Center hotline, reachable at 1185, for reporting such incidents. The initiative prompted other private firms to cooperate with the police to fight against call-center scammers.
Since then, AIS has participated in several cyber projects, such as the Aunjai Cyber project, which aimed to educate people about cyber threats and methods to prevent cyber attacks through short informative videos. These videos were styled around comedy and horror themes to engage viewers and raise awareness about cybercrimes.
This is not the first time that Desorden has been involved in cyber attacks. In a previous incident, they managed to steal Know Your Customer (KYC) information from approximately 70,000 customers of The Icon Group in Thailand. They also hacked the website of Centara Hotels & Resorts in Thailand, resulting in the theft of 400GB of files containing personal customer data. In 2021, they targeted Acer India and Taiwan, compromising user data in India. Acer made it clear that they would not negotiate with the hackers or pay any ransom.
It is important to note that this report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users are responsible for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.