CFOtech New Zealand - Technology news for CFOs & financial decision-makers
New Zealand
Guides
#
artificial intelligence
#
data analytics
#
digital transformation
#
fintech
#
healthtech
Search
Story image
#
DDoS
#
Cybersecurity
#
Threat intelligence

Thai organisations face surge in cyberattacks after border clash

Yesterday
Author image
By Melvin Hipolito, Editor

Cyberattacks targeting Thai organisations have risen sharply in the wake of a border incident between Thailand and Cambodia resulting in the death of a Cambodian soldier.

A hacktivist group calling itself AnonSecKh, also known as ANON-KH or Bl4ckCyb3r, has claimed responsibility for a series of attacks against several prominent entities in Thailand. The group, communicating via Telegram channels, began its campaign on 23 March 2025, initially targeting Thai government websites before expanding its focus.

Rising activity

According to research from Radware, AnonSecKh leveraged proof-of-impact reports to validate its distributed denial of service (DDoS) attack claims. These claims have been primarily documented between 28 May and 10 June 2025, during which time the group claims 73 attacks on Thai organisations.

The majority of these attacks targeted government websites, which accounted for nearly 30% of the group's claims. Military institutions followed closely behind with almost 26%, with manufacturing (approximately 15%) and finance (more than 7%) also targeted. These attacks spanned a variety of sectors, with a focus on highly visible and essential institutions.

AnonSecKh's campaign intensified noticeably after the border incident involving Cambodian and Thai soldiers. "An incident at the border area between Thailand and Cambodia triggered a hacktivist-led cyber campaign targeting Thai organizations and institutions," Radware noted.

History of regional cyber incidents

This is not the first time the region has seen such politically-motivated cyber activity. Radware's intelligence report notes, "Cyber incidents in the region are not uncommon. In the past, politically motivated Cambodian hacktivist groups, such as ANONSECKH, H3C4KEDZ, and NXBBSEC, have launched attacks in response to rising border tensions or nationalistic disputes."

AnonSecKh first drew attention by attacking Thai government portals in March. By the end of that month, the group claimed responsibility for attacks on a wide range of government, academic and commercial websites. Activity slowed in April, but by late April, AnonSecKh had expanded its efforts to include financial institutions in Vietnam.

Escalation after border incident

A significant escalation occurred after the border incident on 28 May. Radware highlights that "Between May 1 and May 27, only 20 attack claims targeting Thailand were observed, but between May 28 and June 10, the number of claimed attacks jumped to a staggering 64."

Early June saw a temporary drop in activity. According to Radware, "In early June, there was a brief slowdown with only a few isolated incidents. However, following the strong public statement from the Thai military on June 6, AnonSecKh resumed and scaled up its attacks, continuing its campaign against Thai institutions and showing no intention of slowing down at the time of writing."

Motivation and implications

AnonSecKh's operations appear to be politically motivated, typically focusing on countries perceived as harming Cambodia. The group's attack patterns have been closely tied to real-world events at the Thailand-Cambodia border, reflecting a form of digital retaliation.

"AnonSecKh's activity highlights several key risks. First, their attacks are tightly linked to political incidents and demonstrate a reactive pattern. This suggests that even isolated or symbolic events can trigger immediate cyber responses.
Second, the group has shown the ability to launch rapid and intense attack waves. The sharp jump in volume following key events reflects a high level of coordination and intent.
Finally, the choice of targets such as government resources, universities and financial institutions raises concerns about potential real-world disruptions. These attacks aren't just aimed at making a statement, they are an attempt at damaging public trust and interfering with essential services."

Radware's analysis indicates that the situation remains dynamic, with AnonSecKh continuing to target Thai organisations, particularly following any developments related to regional disputes or public statements from government or military officials.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Sumsub adds advanced device intelligence to boost fraud defence
BlackLine appoints Sam Balaji to Board for global growth drive
APAC leads with USD $11.3m average AI spend as global gap widens
Datadog launches enhanced log tools for cost & compliance needs
NZ cyber incidents cause NZD $7.8 million loss in early 2025
Top stories
Ecommpay shortlisted for best eCommerce payment solution award
Puma & Adyen unify payments to enhance Asia Pacific retail
Chris Petzoldt departs Simon-Kucher after twenty five years
Consumers cut spending as inflation & tariffs hit groceries
Grammarly adopts Gr4vy no-code platform to expand payment options