Cyber Incident Victim: Skynet
Date: Sep 2021
Location: Malaysia
Summary
A Malaysian logistics provider experienced a significant cyberattack where threat actors exfiltrated extensive corporate, financial, and customer data. The attackers, identified as Desorden Group, compromised servers for several weeks, accessing databases containing millions of customer records—including personal details like names, birthdates, contact information, and plaintext passwords—alongside internal employee data and airwaybill records. The group claimed the victim’s IT team detected the intrusion and patched one vulnerability, but asserted broader systemic weaknesses remained. The breach also reportedly impacted customer data linked to major e-commerce platforms Shopee and Lazada. Desorden publicly disclosed the incident on a hacking forum that subsequently experienced intermittent clearnet outages, though the forum resumed operations shortly after. Cybersecurity authorities were contacted regarding the incident.
Description
On or around September 9, 2021, Desorden Group, a threat actor previously linked to the ABX Express breach, infiltrated the servers of Skynet.com.my, a Malaysian logistics provider offering domestic and international carrier services. The attackers maintained unauthorized access for approximately three weeks, exfiltrating databases containing corporate, financial, and customer personal data. Skynet's IT department detected the breach on September 27, 2021, and closed one of multiple vulnerabilities exploited by Desorden Group. The threat actor provided evidence of the compromise to DataBreaches.net, including a video demonstrating access to Skynet's internal directories. This video displayed folders containing 10,000 airwaybill records and a .csv file with information on 3,600 employees. The exposed employee data included names, dates of birth, account numbers, phone numbers, physical addresses, email addresses, encrypted passwords, and plaintext passwords. Desorden Group claimed the breach impacted millions of Malaysian customers and implicated customer data from e-commerce platforms Shopee and Lazada, though neither platform publicly confirmed involvement at the time of reporting.

The attackers announced the breach on a cybercrime forum previously used by groups like ALTDOS to list ASEAN-region hacks, posting their claim approximately 12 hours before the forum became temporarily inaccessible via clearnet, though it remained reachable through Tor. Cybersecurity Malaysia was contacted regarding the incident but had not provided public commentary by the article's publication date. DataBreaches.net also reached out to Lazada and Kerry Logistics (ABX Express's parent company) for responses to Desorden Group's claims about both breaches, but no replies were documented. The forum resurfaced on clearnet shortly after the initial outage. The incident exposed systemic vulnerabilities in Skynet's data protection measures, particularly the storage of sensitive credentials in plaintext alongside encrypted counterparts. While Skynet implemented partial remediation by patching one confirmed vulnerability, Desorden Group's message indicated multiple initial access points remained unaddressed at the time of their communication. The breach highlighted recurring targeting of logistics providers in Malaysia, with compromised data having potential downstream impacts on partner platforms and their customers.
