Qilin ransomware group has added Thonburi Energy Storage Systems, a prominent battery manufacturer based in Thailand, to its victim list.
In their post, the hacker collective claimed that the company had chosen not to communicate with them “in any way”, following which they decided to start the publication of various documents.
Addressing the data dump from the alleged TESM cyber attack, Qilin ransomware group wrote, “The company has decided not to contact our team in any way so we are starting a large publication of various documents.”
Details about the TESM cyber attack
Threat Intelligence Service Falcon Feeds tweeted about the alleged cyber attack on Thonburi Energy Storage Systems with the above screenshot from the ransomware group’s dark web portal.
“At the moment you can read the screenshots below,” Qilin ransomware wrote referring to the five samples of documents they claim to have exfiltrated from the TESM cyber attack.
On August 7, the Qilin ransomware group posted about the TESM cyber attack, sharing a link to the targeted website – MERCEDES-BENZ.CO.TH. The provided link remained accessible at the time of writing.
In December 2019, Mercedes-Benz Cars expanded its Battery Production Network by establishing a new Plug-In Hybrid Battery Factory in Thailand.
Collaborating with local partners Thonburi Automotive Assembly Plant (TAAP) and Thonburi Energy Storage Systems (TESM), Mercedes-Benz AG invested over 100 million euros in battery production and expanding the existing vehicle production plant.
The Cyber Express has emailed the company for a statement regarding the claims of the TESM cyber attack. We will update this report based on their response.
Cybercriminals Strike Thailand: TESM Cyber Attack and OpThailand
In just the first half of 2023, several banks in Thailand were targeted by hackers as part of Operation Thailand/ #OpThailand.
This was claimed by the group NDT SEC, which listed the names of nine banks to be attacked in the future. While the threat to launch a cyber attack on the Bank of Ayudhya was made by NDT SEC, it appears that the actual attack was executed by K0LzSec, indicating a potential collaboration among hacker groups.
A surge in collaborative efforts among hackers, who are now frequently banding together to expose and publicly denounce targeted organizations, has been witnessed in the recent past.
Some use similar ransom notes leading to suspicions of them being of the same group, while others try to offer tools and services outside of their own targeting of companies.
An escalation is noticeable in the number of cybercriminal groups aligning themselves with causes such as the people of Sudan, actively engaging in Distributed Denial of Service (DDoS) attacks against organizations.
Hackers have been found to have endorsed a version of ChatGPT called the NugetaGPT that can help with malicious tasks.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.