Cyber Incident Victim: Srikrung Broker Co.

Date: Jul 2022

Location: Thailand

Summary

A threat actor group breached Srikrung Broker Co., an insurance broker, compromising over 369 GB of data including approximately 3.28 million customer records and 462,980 agent records. The company acknowledged the incident. The attackers later infiltrated a related insurance marketplace under the same organization, exfiltrating an additional 1.75 TB of sensitive documents containing scanned identification copies and loan information. Both breaches were publicly listed on hacking forums, with the threat actors offering samples of the stolen data. The incident formed part of a broader pattern of cyberattacks targeting Thai entities during this period.

Description

In late July 2022, DESORDEN threat actors breached Srikrung Broker Co., Ltd., a publicly listed Thai insurance brokerage firm. The group announced the intrusion on a hacking forum, claiming exfiltration of over 369 GB of data containing approximately 3.28 million customer records and 462,980 agent records. DESORDEN provided evidence through forum samples and shared details with DataBreaches.net, though the outlet did not independently verify the claims. Srikrung Broker issued a public statement acknowledging the breach, distinguishing it as one of the few confirmed responses among DESORDEN's Thai targets that week. Three days after the Srikrung compromise, DESORDEN reported breaching 724.co.th, an insurance marketplace subsidiary, alleging theft of 1.75 TB of scanned identification documents and loan agreements. Attempts to access 724.co.th’s website by DataBreaches.net following the announcement resulted in connection timeouts, though no official outage confirmation was available.

The incident formed part of a broader DESORDEN campaign against Thai entities that week, including Frasers Property Thailand and Union Auction Public Company Limited. DESORDEN monetized the stolen data through hacking forum listings, offering free samples while selling bulk access. Unlike typical ransomware operations, DESORDEN clarified they did not deploy ransomware against Srikrung or other recent victims, instead focusing on data exfiltration and extortion. Concurrently, DESORDEN distributed ransomware builders on forums after pre-submitting samples to VirusTotal—a tactic they claimed limited misuse by inexperienced attackers through improved antivirus detection. The breach exposed sensitive customer and agent information at scale, compounding risks for Srikrung’s client base when coupled with the subsequent 724.co.th compromise. No further details regarding customer notifications, forensic findings, or regulatory actions were disclosed in available sources.
