Burmese hackers have attacked over 50 Thai websites on the back of real-world protests over discrimination against Myanmar migrant workers in Thailand.
“The hacker group is not very sophisticated technically, who are not considered as an APT (APT stands for advanced persistent threat) group. By looking at the ways it operates, they always target on websites with low visitor traffic. They did not seem to have access to the host itself, hindering them from extracting the data,” a local cybersecurity veteran told KrASIA on the condition of anonymity owing to the sensitivity of the subject.
The Union of Underground Myanmar Hackers (UGMH) group said in a Facebook post on January 17 that the group was set to launch a series of attacks against the Thai government in response to the recent discrimination against Burmese migrant workers, who were blamed on social media for spreading COVID-19 in Thailand.
With the anti-Myanmar hate speech flaring in Thailand, Myanmarese workers are being barred from taking public transportation such as buses, motorcycles taxis, or entering offices, according to a Reuters report.
The anti-Myanmar sentiment was further stoked when a Thai court granted bail to a Thai police officer who allegedly raped a 21-year old Burmese woman that was being held at a police station on Koh Samui, as reported by local Thai media Khaosod on January 15.
“In Thailand, Burmese citizens are being discriminated against by Thai people on the grounds of COVID-19 and UGMH strongly disagree to accept such discrimination,” the hacking group said in the same Facebook post.
“Does Thai law allow Thai police to rape Burmese women facing trial in Thailand? [I]n a country like Thailand, which is mainly relying on foreign tourism business, this treatment of foreign prisoners is unacceptable. Take immediate effective legal action against the perpetrator,” the group added.
Attack websites critical of Myanmar government
The UGMH group is known for its attacks on other countries’ websites, especially against those critical of the Myanmar government or supportive of the Muslim Rohingya minority in Myanmar’s Rakhine state.
In 2019, the group claimed that the international community was accusing the Myanmar government of “committing genocide on Bengalis” and thus launched attack on 200 websites in Bangladesh to show support to the Myanmar government, according to a local media report.
While the Myanmar military’s abuses against the Muslim Rohingya minority have been documented by a United Nations report published in March 2018, the use of Bengalis to describe the Rohingya has long been regarded as racial and offensive by the international rights groups, according to a report by The Diplomat in December 2019.
In 2017, the group attacked over 700 websites in Turkey, including government websites, after a government official told the Myanmar Times that a group of Turkish hackers attacked Myanmar government sites in a bid to protest the conflicts happening in Rakhine.
“Most of the hackers are very active and young. They are brought up by some level of the government, so as to pass the political message to the general public,” said the cybersecurity veteran.
Selling clothes online
Apart from hacking, the UGMH group also sells an array of products online in an attempt to fund the group, including t-shirts, hoodies, USB sticks, and face masks. For example, one hoodie costs around MMK 30,000 (USD 22.5), according to its subsidiary Facebook page UGMH Funding.
“Have you ever seen a hacking group that sells t-shirts? They are very blatant. No hacker will leave a trace after hacking. Although the group has announced their attacks openly on Facebook, none of them have been arrested for launching cyberattacks. Without a certain level of approval from the government, they would not be able to get away with what they have been doing,” the veteran added.
He highlighted, “While they do not have any affiliations with other hacking groups. Some of their members are coming from The Blink Hacker Group who have been helping them to launch the attacks. The lack of cybersecurity law means that no legal actions will be taken against the group. Although it seems to break Facebook’s community standards, no actions have been taken from the social media giant too.”
In 2016, The Blink Hacker Group attacked the websites of the Thai prison agency and justice ministry in retaliation for Thailand sentencing two Burmese citizens to death for murdering two British backpackers in 2015, Reuters reported.