
Cyber Incident Victim: Redtone Digital

Date: Oct 2022

Location: Malaysia

Summary

A Malaysian telecommunications company, Redtone Digital, suffered a cyberattack by the DESORDEN Group, which claimed responsibility for breaching the company's network in retaliation for alleged media suppression of a prior breach involving another telecom firm. The attackers demanded public disclosure of incidents by victims and threatened further attacks on a third telecom provider if Malaysian journalists continued withholding coverage. DESORDEN exfiltrated data from the company, providing samples but not specifying the total volume or whether it would be sold or leaked. The group criticized local media and authorities for failing to report earlier breaches, asserting that affected customers and employees remained unaware of data compromises. No public statements or acknowledgments were issued by the targeted organization following the incident.


Description

On September 19, 2022, the DESORDEN Group breached redONE Network Sdn Bhd, a Malaysian telecommunications provider. The attackers claimed responsibility but observed no public disclosure by the victim and no media coverage in Malaysia. Following this, DESORDEN engaged with a Malaysian journalist who allegedly indicated that higher authorization was required to report on the incident, though the validity of this claim remains unverified. Dissatisfied with the lack of transparency, DESORDEN escalated by targeting REDTONE DIGITAL BHD NETWORK (redTONE) on October 1, 2022, identifying it as redONE’s previous owner. The group publicly claimed responsibility for both breaches on a hacking forum, emphasizing their intent to compel disclosure. They provided samples of exfiltrated data but did not specify the total volume or whether they intended to leak or sell the information. DESORDEN framed the redTONE attack as retaliation for the perceived cover-up of the redONE breach.

Neither redONE nor redTONE responded to external inquiries about the incidents as of October 6, 2022. DESORDEN issued a threat to attack a third Malaysian telecom company if local media continued suppressing breach reports. No Malaysian news outlets had covered either incident by the time of the article’s publication. The lack of disclosure left affected customers and employees unaware that their data had been compromised. DESORDEN’s actions highlighted their operational pattern of leveraging repeated attacks to pressure victims into public acknowledgment, though neither telecom’s containment measures nor breach impacts were disclosed. The group’s focus shifted to media accountability as a condition for halting further operations.
