{ "id": "0ed94723-87d7-45ff-b01f-0a67208f4b47", "created_at": "2026-04-09T02:23:55.914311Z", "updated_at": "2026-04-10T13:11:58.371105Z", "deleted_at": null, "sha1_hash": "c39987fadf16b26ca10417439670244328a65597", "title": "Another Malaysia carrier allegedly hacked and data exfiltrated -- Skynet - DataBreaches.Net", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 215387, "plain_text": "Another Malaysia carrier allegedly hacked and data exfiltrated --\r\nSkynet - DataBreaches.Net\r\nPublished: 2021-10-01 · Archived: 2026-04-09 02:04:37 UTC\r\nDesorden Group, who recently claimed to have successfully breached ABX Express, has contacted\r\nDataBreaches.net to report yet another logistics firm breach. This time, the claimed victim is Skynet.com.my. \r\nSkynet is a  carrier company in Malaysia that provides  domestic and international carrier services.\r\nDesorden Group provided DataBreaches.net with proof of claim — a video taken showing Skynet’s folders, and\r\nsome of the files within the folders.  One file included 10,000 airwaybill records, while another .csv file contained\r\ninformation on 3,600 employees. Personal information in the files included names, date of birth, account numbers,\r\nphone numbers, address, email addresses, encrypted passwords but also passwords in plaintext, and more.\r\nA message included with the video to Skynet reads:\r\nTHIS IS DESORDEN GROUP. WE HAVE HACKED AND BREACHED SKYNET.COM.MY\r\nSERVERS FOR 3 WEEKS AND STOLEN MAJORITY OF THE DATABASES, RANGING FROM\r\nCORPORATE, FINANCIAL TO CUSTOMER PERSONAL DATA.\r\nWE KNOW YOUR IT DEPARTMENT HAS DISCOVERED THE DATA BREACH ON 27TH\r\nSEPTEMBER 2021 AND CLOSED ONE OF THE MANY VULNERABILITIES WHICH WERE\r\nUSED TO BREACH YOUR SERVERS.\r\nHERE IS A VIDEO RECORDING OF YOUR FILES AND DATABASES FOR VERIFICATION.\r\nAccording to Desorden Group, the breach involves millions of Malaysian customers’ data.  And as with the ABX\r\nExpress breach, Desorder claims that Shopee and Lazada customer data is caught up in the breach. Lazada had\r\nnever responded to DataBreaches.net’s inquiries about the ABX Express, and DataBreaches.net has now reached\r\nout to them again to ask what they are doing in response to these claims.\r\nKerry Logistics never responded to the ABX Express breach, and this site has reached out to them again, too.\r\nDataBreaches.net has also reached out to Cybersecurity Malaysia to see what they can tell us about their efforts to\r\ndeal with the rising cybercrime in the business sector.\r\nA popular forum where Desorden Group had posted notices about their databases, is not reachable this morning on\r\nclearnet, but is reachable on Tor. Whether there is any connection between specific posts on that forum and what is\r\ngoing on is unknown. In recent months, the forum has listed a number of hacks or leaks from ASEAN countries,\r\nincluding some very large firms. Last month, threat actors known as ALTDOS reported that some of their servers\r\nhad been taken down by their host, but they did not know at whose request or under what legal process.  Desorden\r\nposted the Skynet incident within the last 12 hours to the same forum ALTDOS has used to list its hacks and leaks.\r\nAnd then the forum was no longer reachable…?\r\nhttps://www.databreaches.net/another-malaysia-carrier-allegedly-hacked-and-data-exfiltrated-skynet/\r\nPage 1 of 2\n\nImage: Redacted by DataBreaches.net\r\nIs the forum being down on clearnet related to all the recent uptick in posts from Malaysia and other ASEAN\r\ncountries or is this a coincidence?  DataBreaches.net will be watching the situation.\r\nUpdated 11:55 am:  RaidForums is back online on clearnet. \r\nSource: https://www.databreaches.net/another-malaysia-carrier-allegedly-hacked-and-data-exfiltrated-skynet/\r\nhttps://www.databreaches.net/another-malaysia-carrier-allegedly-hacked-and-data-exfiltrated-skynet/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.databreaches.net/another-malaysia-carrier-allegedly-hacked-and-data-exfiltrated-skynet/" ], "report_names": [ "another-malaysia-carrier-allegedly-hacked-and-data-exfiltrated-skynet" ], "threat_actors": [ { "id": "e5ccc758-f2a5-417b-ba5c-70edf39bc048", "created_at": "2022-10-25T16:07:24.481513Z", "updated_at": "2026-04-10T02:00:05.005021Z", "deleted_at": null, "main_name": "Desorden", "aliases": [], "source_name": "ETDA:Desorden", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "3a69a32c-82d0-431b-b5ab-34a070bf8d94", "created_at": "2023-11-08T02:00:07.154393Z", "updated_at": "2026-04-10T02:00:03.428568Z", "deleted_at": null, "main_name": "Desorden Group", "aliases": [], "source_name": "MISPGALAXY:Desorden Group", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "348b092b-f28a-41d0-a7f2-4c399f2f973f", "created_at": "2024-06-25T02:00:05.046536Z", "updated_at": "2026-04-10T02:00:03.664032Z", "deleted_at": null, "main_name": "ALTDOS", "aliases": [], "source_name": "MISPGALAXY:ALTDOS", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "b4f79ca0-e94b-4abe-a61e-ea3d2a2458ad", "created_at": "2022-10-25T16:07:24.444096Z", "updated_at": "2026-04-10T02:00:04.994412Z", "deleted_at": null, "main_name": "ALTDOS", "aliases": [ "0mid16B", "ALTDOS", "Desorden", "GHOSTR" ], "source_name": "ETDA:ALTDOS", "tools": [ "Agentemis", "Cobalt Strike", "CobaltStrike", "cobeacon" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775701435, "ts_updated_at": 1775826718, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/c39987fadf16b26ca10417439670244328a65597.pdf", "text": "https://archive.orkl.eu/c39987fadf16b26ca10417439670244328a65597.txt", "img": "https://archive.orkl.eu/c39987fadf16b26ca10417439670244328a65597.jpg" } }