DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Thai securities trading firm goes offline after cyberattack

Posted on December 10, 2020 by Dissent

It seems that yet another group of threat actors are trying the double-extortion method, replete with trying to get media coverage.

“ALTDOS,” as they call themselves, contacted a number of news outlets in Thailand and online news sites to announce that they had attacked CGSEC on December 4.

“A large Thailand SET public listed company dealing with securities trading has been hacked with its sensitive financial + customer database stolen and files encrypted last Friday (4th December 2020),” the hackers wrote, adding, “CGS deals with securities and financial trading services, however their servers are poorly protected.”

Allegedly, as a result of the firm’s lack of acknowledgement of their emails and demands, the attackers decided to dump some data. As proof of their claims, the attackers posted on popular file-sharing sites some of the data they claim to have exfiltrated.

ALTDOS dumped some data as proof of claims. Screenshot by DataBreaches.net.

Looking at the fields for the different tables, there appears to be a lot of  unencrypted personal and financial information of customers and employees.

The web site of Country Group Securities, the victim company,  was online last night when DataBreaches.net reached out to them for comment on the claimed attack, but does not appear to be online this morning. On their LinkedIn page, the firm describes themselves as:

Through the provision of comprehensive research information, reliable sound advice, and exemplary client service, Country Group Securities is emerging as a prominent figure in the Thai equity market. The institutional equity team, comprising of a diverse and experienced group of professionals, is dedicated to providing its clientele with excellent service and expertise. With a focus on the client, the institutional equity team is segregated into two divisions; domestic and international, affording each client individual service and concentrated expert advice.

In communications with DataBreaches.net, a spokesperson for the hacker(s) says that their group’s targets are mainly in the finance or gambling industry. When asked what type of ransomware they were favoring, they responded:

During the event of ransomware attacks, there are many cases in which data or files are rendered corrupted even after decryption. Hence, we do not favor the usage of ransomware and we usually do not employ ransomware techniques on targets. Our methodology is to break into systems, steal the data and backup copies of their databases locally with AES-256 encryption.

Commenting specifically on this victim, they wrote:

It did surprised us that a listed securities trading company actually left their data unencrypted and their systems did not detect our access from a list of suspicious black-listed IP addresses. We did prepared systems for heavy decryption jobs but apparently there wasn’t a need for it….. There are many red flags about how this company protects its servers and its sensitive data. For example, the login credentials of its employee workstations are left unencrypted in one of the databases. A ransomware based group would have infected all of their workstations.

The attackers inform DataBreaches.net that on December 5, the attackers emailed the directors of CSG and demanded 170 BTC from the firm (more than $3 million USD at today’s rates).

We received no replies or negotiations till date and CGS has blocked our emails from their mail servers. Obviously, we did expected a negotiation from their management, given the magnitude of the hack – especially the fact that all of their financial records and client’s sensitive information are already stolen. However, CGS management thinks they could cover up the hack and keep things under wrap by ignoring our emails. The fact is we are still able to break into the systems after 6th December 2020.

As noted above, since last night, the firm has reportedly taken their servers offline. If a response is received from them, this will be updated.

Category: Financial SectorHackNon-U.S.

Post navigation

← Cyberattack cost UVM Medical Center $1.5 million a day
Former Elgin Mental Health Center Employee Charged With Identity Theft →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.