Cyber Incident Victim: Jasmine International PLC
Date:
Nov 2020
Location:
Thailand
Summary
A Thailand-based company, Jasmine International PLC, experienced multiple cyberattacks by threat actors ALTDOS targeting its subsidiaries 3BB and MONO after ransom negotiations failed. The attackers initially compromised 3BB's systems, exfiltrating 8 million customer records containing personal identifiers and credentials, then escalated to MONO's servers, stealing hundreds of gigabytes of corporate financial data and comprehensive HR records—including employee family details, salaries, and bank account information—when Jasmine refused a $500,000 payment demand. Subsequent negotiations collapsed due to internal executive disagreements, prompting ALTDOS to leak partial datasets and increase demands to $1.5 million after the company publicly downplayed the breaches. Jasmine's incident response strategy, including delayed communications and attempts to minimize the attacks' severity, provoked further data disclosures by the threat actors. No breach notifications to affected individuals or regulators were confirmed, potentially exploiting Thailand's delayed enforcement of data protection laws.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The incident involving Jasmine International PLC subsidiaries began in November 2020 when threat actors ALTDOS breached 3BB, a fixed broadband service provider with millions of customers. ALTDOS claimed to have exfiltrated 8 million customer records containing names, addresses, dates of birth, national ID numbers, mobile numbers, email addresses, usernames, and passwords, along with corporate records. They initiated ransom negotiations on December 18, 2020, demanding $500,000 from Jasmine International PLC, which owned both 3BB and MONO Next Public Company. When Jasmine refused payment, ALTDOS escalated attacks by breaching 12 data servers at MONO in December 2020, stealing hundreds of gigabytes of databases to pressure management into negotiations. MONO management initially requested more time on December 26 but ceased communication, prompting ALTDOS to conduct a second attack on 3BB’s Wifi Hotspot servers on New Year’s Day 2021, stealing 2.8 million additional user records.
Following the second 3BB breach, Jasmine reengaged in negotiations through a new representative. ALTDOS rejected Jasmine’s proposal to pay one-third of the ransom upfront with security consulting contracts covering the remainder, countering with an eight-week installment plan. Negotiations collapsed when senior executives refused the payment terms, leading ALTDOS to leak partial MONO data on January 7, 2021. MONO’s subsequent press release downplaying the breach triggered ALTDOS to publicly disclose extensive stolen data, including 2,900+ complete employee HR records containing family member details, education history, employment records, salaries, and 20,000 employee resumes. ALTDOS also revealed exfiltration of 8 million customer records, corporate financial data including bank account balances, transaction histories, and advertiser payment details from 2014-2020, while criticizing Jasmine’s security posture for lacking firewalls and failing to detect two months of unauthorized access. Jasmine’s attempts to suppress media coverage in Thailand contrasted with Thailand’s Personal Data Protection Act requirements for breach notification within 72 hours, though regulatory compliance status remained unclear due to possible implementation extensions. The breaches exposed systemic vulnerabilities across multiple subsidiaries, amplified reputational risks from prior executive misconduct cases, and resulted in ALTDOS increasing ransom demands to $1.5 million following successive data thefts.