DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Thai securities trading firm goes offline after cyberattack

Posted on December 10, 2020 by Dissent

It seems that yet another group of threat actors are trying the double-extortion method, replete with trying to get media coverage.

“ALTDOS,” as they call themselves, contacted a number of news outlets in Thailand and online news sites to announce that they had attacked CGSEC on December 4.

“A large Thailand SET public listed company dealing with securities trading has been hacked with its sensitive financial + customer database stolen and files encrypted last Friday (4th December 2020),” the hackers wrote, adding, “CGS deals with securities and financial trading services, however their servers are poorly protected.”

Allegedly, as a result of the firm’s lack of acknowledgement of their emails and demands, the attackers decided to dump some data. As proof of their claims, the attackers posted on popular file-sharing sites some of the data they claim to have exfiltrated.

ALTDOS dumped some data as proof of claims. Screenshot by DataBreaches.net.

Looking at the fields for the different tables, there appears to be a lot of  unencrypted personal and financial information of customers and employees.

The web site of Country Group Securities, the victim company,  was online last night when DataBreaches.net reached out to them for comment on the claimed attack, but does not appear to be online this morning. On their LinkedIn page, the firm describes themselves as:

Through the provision of comprehensive research information, reliable sound advice, and exemplary client service, Country Group Securities is emerging as a prominent figure in the Thai equity market. The institutional equity team, comprising of a diverse and experienced group of professionals, is dedicated to providing its clientele with excellent service and expertise. With a focus on the client, the institutional equity team is segregated into two divisions; domestic and international, affording each client individual service and concentrated expert advice.

In communications with DataBreaches.net, a spokesperson for the hacker(s) says that their group’s targets are mainly in the finance or gambling industry. When asked what type of ransomware they were favoring, they responded:

During the event of ransomware attacks, there are many cases in which data or files are rendered corrupted even after decryption. Hence, we do not favor the usage of ransomware and we usually do not employ ransomware techniques on targets. Our methodology is to break into systems, steal the data and backup copies of their databases locally with AES-256 encryption.

Commenting specifically on this victim, they wrote:

It did surprised us that a listed securities trading company actually left their data unencrypted and their systems did not detect our access from a list of suspicious black-listed IP addresses. We did prepared systems for heavy decryption jobs but apparently there wasn’t a need for it….. There are many red flags about how this company protects its servers and its sensitive data. For example, the login credentials of its employee workstations are left unencrypted in one of the databases. A ransomware based group would have infected all of their workstations.

The attackers inform DataBreaches.net that on December 5, the attackers emailed the directors of CSG and demanded 170 BTC from the firm (more than $3 million USD at today’s rates).

We received no replies or negotiations till date and CGS has blocked our emails from their mail servers. Obviously, we did expected a negotiation from their management, given the magnitude of the hack – especially the fact that all of their financial records and client’s sensitive information are already stolen. However, CGS management thinks they could cover up the hack and keep things under wrap by ignoring our emails. The fact is we are still able to break into the systems after 6th December 2020.

As noted above, since last night, the firm has reportedly taken their servers offline. If a response is received from them, this will be updated.

Related posts:

  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • Th: 3BB hackers dump customer data, Thai regulator seeks answers from businesses
Category: Financial SectorHackNon-U.S.

Post navigation

← Cyberattack cost UVM Medical Center $1.5 million a day
Former Elgin Mental Health Center Employee Charged With Identity Theft →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.