On September 26, the notorious hacking group “Desorden Group” announced a data breach attack against one of the telecommunication giants in Malaysia, redONE. This discovery was found by our dark web monitoring team in iZOOlogic in an underground cybercriminal forum, adding that the group had already shared data samples of the hack, which was then confirmed authentic by other actors.
First established in 2021, redONE Network Sdn Bhd boasts itself as the first Mobile Virtual Network Operator (MVNO) to provide postpaid services using Celcom Axiata’s 5-star network infrastructure. With over 1.2 million subscribers, the telecom firm also offers financial services via bank partnerships (Citibank, HSBC, and Alliance Bank) for redCard; and insurance services via partnerships (AIG and Takaful) for redCare, in which both services were also breached during the second attack attempt against the telco firm.
According to the Desorden Group, the compromised data of redONE telecom involved databases and source codes.
The threat group’s post in an underground forum explained that a massive database of redONE’s customers had been included in the compromised data, which included their full names, NRIC or National Identification Number, residential addresses, phone numbers, email addresses, and more.
Desorden Group also provided instructions for users to verify whether the provided data samples are valid. Users must open the redOne-sample[.]csv file they had attached on the post, and then select a random value from the NRIC column inside the file. Once a random value is selected, users are instructed to visit redONE’s official website ID Checker, where they can input the selected NRIC value, select one from postpaid or prepaid, and finally submit it for verification.
The affected telecom firm is given 48 hours to respond to the Desorden Group unless their compromised data is threatened to be sold publicly to other threat actors.
Given the number of customers that could be affected by this latest data breach incident, all redONE customers are advised to monitor any malicious activities using their personal information. In usual cases, threat actors are known to abuse people’s compromised data to conduct fraudulent campaigns like phishing and identity theft for scams.
There is speculation that the data breach incident in redONE is being covered up in Malaysia, although we have yet to confirm this. Our security experts will continue to monitor this issue and share more details once available.
