{
	"id": "21df988e-4480-4343-b83c-daf1ec7ea90d",
	"created_at": "2026-04-11T02:23:04.783446Z",
	"updated_at": "2026-04-11T02:24:15.543119Z",
	"deleted_at": null,
	"sha1_hash": "bcbac8f2ccdf29247486b18667a5fcf9c1229fca",
	"title": "Thai securities trading firm goes offline after cyberattack - DataBreaches.Net",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 37283,
	"plain_text": "Thai securities trading firm goes offline after cyberattack -\r\nDataBreaches.Net\r\nPublished: 2020-12-10 · Archived: 2026-04-11 02:08:47 UTC\r\nIt seems that yet another group of threat actors are trying the double-extortion method, replete with trying to get\r\nmedia coverage.\r\n“ALTDOS,” as they call themselves, contacted a number of news outlets in Thailand and online news sites to\r\nannounce that they had attacked CGSEC on December 4.\r\n“A large Thailand SET public listed company dealing with securities trading has been hacked with its sensitive\r\nfinancial + customer database stolen and files encrypted last Friday (4th December 2020),” the hackers wrote,\r\nadding, “CGS deals with securities and financial trading services, however their servers are poorly protected.”\r\nAllegedly, as a result of the firm’s lack of acknowledgement of their emails and demands, the attackers decided to\r\ndump some data. As proof of their claims, the attackers posted on popular file-sharing sites some of the data they\r\nclaim to have exfiltrated.\r\nALTDOS dumped some data as proof of claims. Screenshot by DataBreaches.net.\r\nLooking at the fields for the different tables, there appears to be a lot of  unencrypted personal and financial\r\ninformation of customers and employees.\r\nThe web site of Country Group Securities, the victim company,  was online last night when DataBreaches.net\r\nreached out to them for comment on the claimed attack, but does not appear to be online this morning. On their\r\nLinkedIn page, the firm describes themselves as:\r\nThrough the provision of comprehensive research information, reliable sound advice, and exemplary\r\nclient service, Country Group Securities is emerging as a prominent figure in the Thai equity market.\r\nThe institutional equity team, comprising of a diverse and experienced group of professionals, is\r\ndedicated to providing its clientele with excellent service and expertise. With a focus on the client, the\r\ninstitutional equity team is segregated into two divisions; domestic and international, affording each\r\nclient individual service and concentrated expert advice.\r\nIn communications with DataBreaches.net, a spokesperson for the hacker(s) says that their group’s targets are\r\nmainly in the finance or gambling industry. When asked what type of ransomware they were favoring, they\r\nhttps://www.databreaches.net/thai-securities-trading-firm-goes-offline-after-cyberattack/\r\nPage 1 of 2\n\nresponded:\r\nDuring the event of ransomware attacks, there are many cases in which data or files are rendered\r\ncorrupted even after decryption. Hence, we do not favor the usage of ransomware and we usually do not\r\nemploy ransomware techniques on targets. Our methodology is to break into systems, steal the data and\r\nbackup copies of their databases locally with AES-256 encryption.\r\nCommenting specifically on this victim, they wrote:\r\nIt did surprised us that a listed securities trading company actually left their data unencrypted and their\r\nsystems did not detect our access from a list of suspicious black-listed IP addresses. We did prepared\r\nsystems for heavy decryption jobs but apparently there wasn’t a need for it….. There are many red flags\r\nabout how this company protects its servers and its sensitive data. For example, the login credentials of\r\nits employee workstations are left unencrypted in one of the databases. A ransomware based group\r\nwould have infected all of their workstations.\r\nThe attackers inform DataBreaches.net that on December 5, the attackers emailed the directors of CSG and\r\ndemanded 170 BTC from the firm (more than $3 million USD at today’s rates).\r\nWe received no replies or negotiations till date and CGS has blocked our emails from their mail servers.\r\nObviously, we did expected a negotiation from their management, given the magnitude of the hack –\r\nespecially the fact that all of their financial records and client’s sensitive information are already stolen.\r\nHowever, CGS management thinks they could cover up the hack and keep things under wrap by\r\nignoring our emails. The fact is we are still able to break into the systems after 6th December 2020.\r\nAs noted above, since last night, the firm has reportedly taken their servers offline. If a response is received from\r\nthem, this will be updated.\r\nSource: https://www.databreaches.net/thai-securities-trading-firm-goes-offline-after-cyberattack/\r\nhttps://www.databreaches.net/thai-securities-trading-firm-goes-offline-after-cyberattack/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.databreaches.net/thai-securities-trading-firm-goes-offline-after-cyberattack/"
	],
	"report_names": [
		"thai-securities-trading-firm-goes-offline-after-cyberattack"
	],
	"threat_actors": [],
	"ts_created_at": 1775874184,
	"ts_updated_at": 1775874255,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bcbac8f2ccdf29247486b18667a5fcf9c1229fca.pdf",
		"text": "https://archive.orkl.eu/bcbac8f2ccdf29247486b18667a5fcf9c1229fca.txt",
		"img": "https://archive.orkl.eu/bcbac8f2ccdf29247486b18667a5fcf9c1229fca.jpg"
	}
}