Cyber Incident Victim: DESORDEN
Date: Sep 2021
Location: Malaysia
Summary
Desorden Group breached a Malaysian logistics carrier, exfiltrating corporate, financial, and customer databases over a three-week period. The attackers stole millions of customer records, including personal and financial details, alongside employee data containing names, birthdates, contact information, and plaintext passwords. They claimed the compromised data also impacted customers of Shopee and Lazada, though these entities did not publicly confirm involvement. The victim’s IT department detected the intrusion and patched one vulnerability, but Desorden asserted multiple entry points remained. Proof of the breach, including a video showcasing stolen files, was shared on a forum that subsequently became inaccessible via clearnet but remained reachable through Tor, coinciding with heightened cybercrime activity targeting ASEAN businesses.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In September 2021, the Desorden Group breached Skynet, a Malaysian logistics provider offering domestic and international carrier services. The attackers claimed unauthorized access to Skynet's servers for three weeks, exfiltrating corporate, financial, and customer databases. Evidence provided to DataBreaches.net included a video demonstrating access to Skynet's directories, showcasing files containing 10,000 airwaybill records and a .csv file with personal details of 3,600 employees. Compromised data encompassed names, dates of birth, account numbers, phone numbers, physical addresses, email addresses, encrypted passwords, and plaintext credentials. Desorden asserted the breach impacted millions of Malaysian customers and implicated data from e-commerce platforms Shopee and Lazada. Skynet's IT department detected the intrusion on September 27, 2021, and remediated one of multiple vulnerabilities exploited by the threat actors, though the full scope of initial access vectors remained unconfirmed.

Desorden publicly claimed responsibility through a message to Skynet, stating their awareness of the partial vulnerability closure while emphasizing ongoing system weaknesses. The group disseminated breach details on a cybercrime forum previously associated with ASEAN-focused threat actors like ALTDOS, though the forum became temporarily inaccessible via clearnet shortly after the Skynet disclosure, remaining reachable via Tor. DataBreaches.net verified the forum's clearnet restoration within hours but received no responses from Lazada, Shopee, or Cybersecurity Malaysia regarding mitigation efforts or breach validation. Kerry Logistics, parent company of previously breached ABX Express, also did not acknowledge inquiries. The incident highlighted recurring targeting of Malaysian logistics providers, with Desorden leveraging similar tactics across multiple attacks and utilizing established platforms for data disclosure despite intermittent infrastructure disruptions.
