SOCRadar® Cyber Intelligence Inc. | Ransomware Strikes Thailand Manufacturing Industry


Oct 27, 2022
3 Mins Read

Ransomware Strikes Thailand Manufacturing Industry

Data leaks are a significant concern for every organization. Between September 2021 and September 2022, theft or leak of data has been a big issue for Thailand as well, through various means such as the dark web, ransomware threats, and phishing, mostly against government and manufacturing industries.

With the help of SOCRadar’s Thailand Threat Landscape Report, businesses can define their cybersecurity needs, design their enterprise-wide security strategies, and choose where to invest. 

Click the button below to download the full report.

121 Unique Threat Actors in Dark Web Targeted Thailand 

Thailand was the target of 121 different threat actors, according to SOCRadar’s research. The report contains information on the threat actors who are most active in attacking Thai organizations. 

Data from DarkMirror shows that the “public sector, education, and media & entertainment” sectors were Thailand’s top three most targeted sectors

Also, 14,534 dark web posts have been discovered by SOCRadar DarkMirror. 190 of these postings were about organizations in Thailand. SOCRadar’s Dark Web Team has prepared the numbers below after extensive data analysis.

Top 5 Dark Web Post Types
Top 5 Dark Web Post Types

Customer data leak posts made up more than half of the dark web posts, and most were related to Thailand’s public sector. You can find the major dark web incidents in our report. 

Big Ransomware Groups Targeting Thai Organizations 

52 different ransomware groups carried out 2,900 operations worldwide between September 2021 and September 2022. 53 of these attacks targeted organizations in Thailand, and the LockBit gang conducted about half. The majority of the targets were companies in the manufacturing industry.

Industries targeted by ransomware in Thailand
Industries targeted by ransomware in Thailand

Including LockBit, SOCRadar tracked 20 different ransomware groups that targeted Thai companies. The most active ransomware families that targeted Thailand: 

19 of the 53 ransomware victims refused to pay the ransom demand. Thus, nearly 36% of ransomware operations exposed organizations’ data

Most Exploited Vulnerabilities 

Even though they had been patched for a while, 2880 hosts were still susceptible to the HeartBleed vulnerability (CVE-2014-0160) and 1050 hosts to the BlueKeep vulnerability (CVE-2019-0708). 

Other critical vulnerabilities with high numbers of vulnerable hosts in Thailand: 

Also, SOCRadar detected more than 3 million open ports in Thailand as of September 24, 2022. Remote Desktop Protocol (RDP, port 3389) ports were among the approximately 17,000 open ports. You can find these ports as a list in the report. 

Get the full report to learn more about Thailand’s phishing landscape, DDoS attacks, state-sponsored APT activity, and other topics.