Thailand Ministry of Labour cyberattack has intensified as new revelations came which indicates that a planned data breach impacted the Ministry’s digital infrastructure. What was initially reported as a defacement of the Ministry’s website has now been confirmed as a full scale cyberattack on Thailand’s Ministry of Labour that compromised internal systems, encrypted critical data, and disrupted government operations.
Boonsong Tapchaiyut, Permanent Secretary of the Ministry of Labour, had confirmed that on the morning of July 17, 2025, hackers had defaced the Ministry’s official website, replacing its homepage with a message announcing their successful attack.
Further, Boonsong emphasized that the data breach was limited to visible content and that the internal servers and data repositories remained secure.
However, recent developments have painted an extremely different picture.
Hacker Group ‘Devman’ Claims Responsibility
A threat actor identifying as Devman had claimed responsibility for Thailand Ministry of Labour cyberattack through a post on a dark web blog. According to the post, the group had maintained undetected access to the Ministry’s network for more than 43 days, infiltrating Active Directory servers and multiple Linux systems during that period.
The group claims to have exfiltrated over 300 GB of sensitive data, encrypted approximately 2,000 laptops, and taken control of 98 Linux servers and over 50 Windows servers. Moreover, they state that they have completely wiped the Active Directory environment and destroyed all tape backups, rendering data recovery almost impossible.
Website Defacement After Thailand Ministry of Labour cyberattack
Thailand Ministry of Labour cyberattack became publicly known after the Ministry’s website was defaced with a chilling message:
“THIS IS NOT JUST THE WEBSITE. WHAT YOU WITNESS HERE IS PART OF OUR COORDINATED ATTACK, AIMED AT CRIPPLING THIS MINISTRY.”
Although the message was removed shortly afterward and the website was restored using backup files, the deeper implications of the cyberattack are now emerging.
Boonsong stated that immediate actions were taken by the Ministry’s Information and Communication Technology Center (ICTC) to shut down the compromised system, remove the malicious files, and restore web functionality using backups. New security measures were also implemented, including closing access points, and resetting all usernames and passwords.
He further clarified that the circulating claim of a $15 million loss was inaccurate and that damage assessments were still ongoing.
Full System Compromise Confirmed
In an update on Thailand Ministry of Labour cyberattack issued late July 17, the Ministry acknowledged that their internal systems had been compromised and encrypted, with no recovery possible without the decryption key.
An internal error during IT operations has made short-term recovery unlikely, leaving the Ministry’s infrastructure completely down for the time being due to Thailand Ministry of Labour cyberattack.
“The severity of the situation has elevated. We are treating this matter with utmost urgency and will provide more updates as we work through the crisis,” read the official statement.
Legal Action and Cybercrime Report Filed
Boonsong confirmed that the Ministry has filed a report with the Cyber Police, urging legal action against the perpetrators under the Computer Crime Act, citing reputational damage and the entry of false data into a government system.
“I’ve instructed the legal department to examine all possible avenues. This is not just a technical incident — it is a violation of national security and law,” said Boonsong.
What’s Next?
The Ministry of Labour is currently working with external cybersecurity firms, law enforcement, and national cyber defense agencies to determine the full extent of the damage of Thailand Ministry of Labour cyberattack and prevent future incidents. Recovery efforts are underway, though the destruction of backups and encryption of internal systems present a formidable challenge.
As this story continues to unfold, The Cyber Express will monitor updates on the Thailand Ministry of Labour cyberattack, including any official responses, confirmations, or public statements from affected agencies.
