Reinforcing Cybersecurity: Protecting Over 1.5 Million Servers in Thailand to Counter Hacking Threats from Cambodia
In the wake of a military clash on the Thai-Cambodian border on July 24, 2025, the cyber warfare between the two nations has intensified. The conflict, marked by DDoS attacks, website hacking, data breaches, and public exposure of opposing hackers, has become a significant aspect of the broader military and diplomatic tensions.
On the Cambodian side, the National Defensive Cambodia and Dark Storm Team have claimed responsibility for launching DDoS attacks and hacking Thai government websites. In response, the Thai cyber warriors, including the BlackEye-Thai group, have conducted counterattacks, breaching Cambodian government websites and exposing the identity of the NXBBSEC group, a group previously responsible for hacking Thai agencies. Other Thai hacker groups, such as Thai Is God, T.R.A.N.C.E, Black Iron, and KH Nightmare, have united in solidarity after the border clashes.
KH Nightmare, a newly formed group, has been particularly active, hacking into several prominent Cambodian targets, including Apple IDs, digital wallets, Facebook accounts, and cryptocurrency portfolios. On July 27, KH Nightmare claimed responsibility for hacking into 47 Cambodian government agencies, extracting 800 GB of data. The group later released two files containing 235 website domains, 4,570 user account credentials, and information on the industries linked to the targeted websites.
Air Vice Marshal Amorn Chomchey, Secretary-General of the NCSA, revealed a decrease in cyberattacks, particularly those using DDoS techniques. However, personal data breaches continue to pose a threat, with hackers often exploiting them to falsely claim success.
To combat these threats, the Thai Computer Emergency Response Team (ThaiCERT) is monitoring 1.5 million servers nationwide, operating 24/7. The NCSA has also increased vigilance, focusing on cooperation with 30 key government agencies to stay updated and forecast potential risks. In the event of an attack, the agency can mitigate the incident within 5 minutes using advanced legal tools.
The cyber conflict has continued even after a ceasefire in the physical border conflict, illustrating the intensity and persistence of the cyber operations by both sides. For the past two months, ThaiCERT recorded over 500 cyberattack attempts, with DDoS attacks amounting to 1 million instances and 500,000 unsuccessful attempts to breach systems.
This escalating cyber conflict has caused considerable alarm among Cambodian hackers, with several ad-hoc groups in Thailand, including Thai Is God, T.R.A.N.C.E, Black Iron, and KH Nightmare, coming together in solidarity. The border clash and subsequent cyber warfare have highlighted the need for both nations to strengthen their cybersecurity measures and maintain peace in the digital realm.
References: 1. Source 1 2. Source 2 3. Source 3 4. Source 4 5. Source 5
- The escalating cyber conflict between Thailand and Cambodia has become a significant aspect of their broader military and diplomatic tensions, with hacking incidents leading to public exposure of opposing hackers.
- The National Defensive Cambodia and Dark Storm Team are among the groups responsible for launching DDoS attacks and hacking Thai government websites, while the BlackEye-Thai group and other Thai hacker groups have retaliated with counterattacks.
- KH Nightmare, a newly formed Thai hacker group, has been particularly active in hacking into Cambodian targets, including digital wallets, Facebook accounts, and cryptocurrency portfolios.
- Air Vice Marshal Amorn Chomchey revealed a decrease in cyberattacks using DDoS techniques, but personal data breaches continue to pose a threat, with hackers often exploiting them to falsely claim success.
- To combat these threats, the Thai Computer Emergency Response Team (ThaiCERT) is monitoring 1.5 million servers nationwide and operating 24/7, while the NCSA focuses on cooperation with 30 key government agencies to stay updated and forecast potential risks.
- The ceasefire in the physical border conflict has not stopped the cyber operations by both sides, with ThaiCERT recording over 500 cyberattack attempts in the past two months.
- The escalating cyber conflict has caused alarm among Cambodian hackers, with several ad-hoc groups in Thailand coming together in solidarity, highlighting the need for both nations to strengthen their cybersecurity measures and maintain peace in the digital realm.
- The cyber conflict, marked by DDoS attacks, website hacking, data breaches, and public exposure of opposing hackers, can have far-reaching impacts, influencing not just business and finance but also personal-finance, cybersecurity, politics, general-news, crime-and-justice, health, industry, technology, sports, and sports-betting.
- Sources: 1, 2, 3, 4, 5 (includes information about the ongoing border conflict, the specific hacking incidents, and the responses of each nation's cybersecurity agencies).
