Cyber Incident Victim: Frasers Property Thailand Public Company Limited
Date:
Jul 2022
Location:
Thailand
Summary
Frasers Property Thailand Public Company Limited suffered a cyberattack by the DESORDEN threat actor, resulting in the compromise of 312,834 customer records alongside HR, financial, and corporate data. The group publicly disclosed samples of the stolen information on a hacking forum and provided evidence of the breach to researchers, though no official acknowledgment or media coverage from the victim was observed at the time. This incident occurred amid a broader pattern of attacks targeting Thai entities, with DESORDEN exploiting multiple organizations and leaking substantial volumes of sensitive data across the region.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late July 2022, DESORDEN threat actors publicly announced a cyberattack on Frasers Property Thailand Public Company Limited, a publicly listed real estate firm. The group provided DataBreaches.net with samples of stolen data and a video demonstrating the breach's scope. DESORDEN listed the incident on a hacking forum, offering a free sample while making the full dataset available for purchase. Their forum post claimed exfiltration of 312,834 personal customer records alongside human resources documents, financial information, and corporate data. DataBreaches.net found no evidence of public disclosure through media reports or Fraser's official website when investigating the claim. An email inquiry sent to Fraser requesting copies of breach notifications and details about affected parties received no immediate response. The attack formed part of a broader targeting campaign against Thai entities that week, with DESORDEN simultaneously breaching Union Auction Public Company Limited and insurance firms Srikrung Broker Co., Ltd. and its subsidiary 724.co.th.
The Frasers breach occurred amid escalating cyber threats against Thailand, with multiple threat actors actively targeting sensitive data. DESORDEN's activities expanded beyond data theft during this period, as they began distributing ransomware builds on hacking forums while claiming to have submitted samples to VirusTotal to improve antivirus detection rates. Concurrently, other forum listings advertised massive datasets purportedly stolen from Thai healthcare providers, government agencies including the Royal Thai Police and Ministry of Public Health, and educational institutions. DESORDEN cast doubt on one such listing claiming 48 million records from Pruksa Clinic by infiltrating the clinic's systems and finding only thousands of patient records. While DESORDEN framed their ransomware distribution and data verification efforts as protective measures, they acknowledged self-interest in maintaining dominance over large-scale Thai data breaches. The incident highlighted systemic vulnerabilities, with multiple breached organizations showing no public response capabilities—Fraser's unacknowledged breach contrasted with Srikrung Broker's confirmed compromise of 369GB containing millions of customer records. DataBreaches.net noted the absence of regulatory guidance for breach response in Thailand despite the escalating attacks.