Cyber Incident Victim: Union Auction Public Company Limited

On or around July 28, 2022, DESORDEN threat actors publicly claimed responsibility for a cyberattack against Union Auction Public Company Limited, a Thai publicly listed company. The group announced the breach on a popular hacking-related forum, offering a free sample of the stolen data while making the remainder available for purchase. DESORDEN asserted they had exfiltrated over 30,000 personal data records belonging to the company’s members, though the specific data types were not detailed in their forum post. This announcement followed a pattern of DESORDEN’s recent targeting of Thai entities, including Frasers Property Thailand and Srikrung Broker Co., Ltd., which were breached in the same timeframe. No evidence suggested ransomware deployment in this incident, consistent with DESORDEN’s stated preference for data exfiltration over encryption-based attacks.

DataBreaches.net attempted to verify the breach by checking Union Auction’s website and media sources but found no public acknowledgment or notification regarding the incident. The outlet sent an email inquiry to Union Auction requesting details about notifications or press releases, but the message bounced back as undeliverable. A subsequent attempt to contact the company through its website contact form also failed, leaving the breach unconfirmed by the victim organization. DESORDEN’s broader activities during this period included distributing ransomware builds on hacking forums after pre-submitting them to VirusTotal to reduce their effectiveness, though this tactic was unrelated to the Union Auction intrusion. The incident exemplified persistent targeting of Thai entities by multiple threat actors, with forum listings during this period advertising large datasets from Thai clinics, government agencies, and academic institutions, though DESORDEN cast doubt on one listing’s credibility by hacking the purported victim to disprove its scale.