{
	"id": "89dba67b-d3b0-458c-a057-4d0c167dd0c4",
	"created_at": "2026-04-09T02:24:14.631463Z",
	"updated_at": "2026-04-10T03:36:01.43398Z",
	"deleted_at": null,
	"sha1_hash": "cedf99d4fe7d986989f40dc67cb8598d28e92333",
	"title": "Revenge telecom hacking by DESORDEN Group; third attack threatened - DataBreaches.Net",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35373,
	"plain_text": "Revenge telecom hacking by DESORDEN Group; third attack\r\nthreatened - DataBreaches.Net\r\nPublished: 2022-10-06 · Archived: 2026-04-09 02:20:15 UTC\r\nDESORDEN Group has added a new transparency demand to their attacks against Malaysian entities: victims\r\nmust disclose the breach publicly if they have not paid the attackers. If the victim doesn’t disclose and Malaysian\r\nmedia does not report the incident, Malaysia should expect more breaches.\r\nThe added demands arose after DESORDEN claimed they spent hours answering questions from a Malaysian\r\njournalist about the redONE telecom breach. The journalist then supposedly told them that they needed to seek\r\npermission from a higher authority before their paper could publish a data breach of a telecom in Malaysia. \r\nDataBreaches does not know whether a journalist or paper needs any such authorization or if there was some\r\nmisunderstanding of what was said. Still, it does appear that the hack of redONE was not reported by any\r\nMalaysian news outlet. If redONE has not disclosed and does not disclose, affected customers and employees may\r\nnot know that their data has been stolen, leaked, and possibly sold.\r\nredONE never responded to inquiries DataBreaches sent about the incident.\r\nA Second Telecom Hacked\r\nIn response to the lack of transparency and coverage, DESORDEN hacked a second Malaysian telecom.\r\n“We take responsibilities for the hack and data breach of REDTONE DIGITAL BHD NETWORK\r\n(www.redtone.com) on 1st October 2022,” their latest post on a hacking forum begins.\r\n“This attack is in response to the cover-up of the first telecommunication company redONE Network Sdn Bhd\r\n(www.redone.com.my) which we breached on 19th September 2022….”\r\nDESORDEN’s post states that REDTONE DIGITAL BHD NETWORK is the previous owner of redONE.\r\nAs they have done previously, DESORDEN provided samples of data they claim to have exfiltrated. They do not\r\nindicate how many files, in total, they have. Nor do they indicate whether they intend to sell or leak the data.\r\nTheir message is clear, though:\r\nIf Malaysian journalists continue to cover up the data breaches, Malaysians can expect a 3rd telecom\r\ncompany attack.\r\nAs of this morning, DataBreaches cannot find any media coverage in Malaysia of either the redONE or redTONE\r\nbreaches.\r\nDataBreaches submitted an inquiry to redTONE, but no reply was immediately received. This post will be updated\r\nif a response is received.\r\nhttps://www.databreaches.net/revenge-telecom-hacking-by-desorden-group-third-attack-threatened/\r\nPage 1 of 2\n\nSource: https://www.databreaches.net/revenge-telecom-hacking-by-desorden-group-third-attack-threatened/\r\nhttps://www.databreaches.net/revenge-telecom-hacking-by-desorden-group-third-attack-threatened/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.databreaches.net/revenge-telecom-hacking-by-desorden-group-third-attack-threatened/"
	],
	"report_names": [
		"revenge-telecom-hacking-by-desorden-group-third-attack-threatened"
	],
	"threat_actors": [
		{
			"id": "e5ccc758-f2a5-417b-ba5c-70edf39bc048",
			"created_at": "2022-10-25T16:07:24.481513Z",
			"updated_at": "2026-04-10T02:00:05.005021Z",
			"deleted_at": null,
			"main_name": "Desorden",
			"aliases": [],
			"source_name": "ETDA:Desorden",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "3a69a32c-82d0-431b-b5ab-34a070bf8d94",
			"created_at": "2023-11-08T02:00:07.154393Z",
			"updated_at": "2026-04-10T02:00:03.428568Z",
			"deleted_at": null,
			"main_name": "Desorden Group",
			"aliases": [],
			"source_name": "MISPGALAXY:Desorden Group",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "b4f79ca0-e94b-4abe-a61e-ea3d2a2458ad",
			"created_at": "2022-10-25T16:07:24.444096Z",
			"updated_at": "2026-04-10T02:00:04.994412Z",
			"deleted_at": null,
			"main_name": "ALTDOS",
			"aliases": [
				"0mid16B",
				"ALTDOS",
				"Desorden",
				"GHOSTR"
			],
			"source_name": "ETDA:ALTDOS",
			"tools": [
				"Agentemis",
				"Cobalt Strike",
				"CobaltStrike",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775701454,
	"ts_updated_at": 1775792161,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cedf99d4fe7d986989f40dc67cb8598d28e92333.pdf",
		"text": "https://archive.orkl.eu/cedf99d4fe7d986989f40dc67cb8598d28e92333.txt",
		"img": "https://archive.orkl.eu/cedf99d4fe7d986989f40dc67cb8598d28e92333.jpg"
	}
}