Cyber Incident Victim: ALTDOS
Date: Dec 2020
Location: Thailand
Summary
A Thai securities trading firm suffered a cyberattack by the ALTDOS group, which exfiltrated sensitive financial and customer data along with employee information, including unencrypted credentials. The attackers employed double extortion by threatening to leak the stolen data after the victim ignored their ransom demand of 170 BTC and blocked communications. ALTDOS highlighted the firm's inadequate security measures, such as failing to detect unauthorized access from suspicious IP addresses and storing critical data without encryption. Despite the victim taking servers offline post-attack, the group leaked portions of the compromised data on public file-sharing platforms as proof of their breach.
Description
On December 4, 2020, the threat actor group ALTDOS breached the systems of Country Group Securities (CGS), a Thailand-based securities trading firm listed on the Stock Exchange of Thailand. The attackers exfiltrated sensitive financial and customer databases containing unencrypted personal and financial information of clients and employees, including unencrypted login credentials for employee workstations that were stored in a database. ALTDOS also encrypted local database backups with AES-256 but did not deploy ransomware on workstations, citing concerns that the decryption process could corrupt data. After CGS did not respond to the group's initial messages, ALTDOS escalated by contacting Thai media outlets on December 4 to publicize the attack and subsequently uploaded samples of the stolen data to file-sharing sites as proof of compromise. On December 5, ALTDOS emailed CGS directors demanding 170 BTC (approximately $3 million USD) in exchange for deleting the data, but reported no engagement from the company, which blocked their emails instead.

CGS took its public-facing servers offline by December 5-6, though ALTDOS claimed it still had access to the systems after the takedown. The attackers criticized CGS's cybersecurity practices, noting unencrypted sensitive data, failure to detect unauthorized access from blacklisted IP addresses, and inadequate server protections. The compromised data included financial records, client information, and operational details, exposing customers and employees to potential fraud. ALTDOS stated that its typical targets were entities in the financial or gambling sectors and that it favored data theft over ransomware deployment. No public acknowledgment or remediation efforts by CGS were documented in the available sources following the server takedown. The incident disrupted CGS's online services and highlighted systemic security deficiencies within the organization.
