Thailand Confronts an Escalating Crisis of Corporate Disinformation

Thailand Confronts an Escalating Crisis of Corporate Disinformation

A new comprehensive analysis of the global security landscape reveals that Thailand has become a primary battleground for digital disinformation. The country now ranks second globally regarding the severity of threats businesses face from false information campaigns. This finding comes from the latest World Security Report published by Allied Universal and G4S. The survey gathered insights from over 2300 Chief Security Officers worldwide. It paints a stark picture of a nation where misinformation has evolved from a nuisance into a weaponized corporate threat. The data indicates that 78 percent of medium to large companies in Thailand were targeted by misinformation and disinformation campaigns over the past year. This statistic places Thailand at the epicenter of a disturbing trend where information warfare directly impacts economic stability and operational continuity.

The report highlights that the nature of these threats is not merely accidental. In 60 percent of cases, experts noted that more than half of the threat actors they encountered were driven by disinformation. This is the second highest rate observed anywhere in the world. The motivation behind these campaigns is often malicious. Actors seek to manipulate stock prices, ruin corporate reputations, or sabotage business operations. Sanjay Verma, President for Asia and the Middle East at G4S, pointed to the broader context driving these issues. He noted that the region is facing complexities arising from geopolitical tensions and economic volatility. These factors are accelerating financially motivated cybercrimes and creating new patterns of threats that businesses are struggling to manage.

The Strategic Importance of Thailand

Security analysts suggest several reasons why Thailand has become such a lucrative target for these operations. The country serves as a critical regional financial hub within Southeast Asia. Its expanding financial sector attracts cybercriminals who seek monetary gain through fraud, ransomware, and data theft. Beyond finance, Thailand holds a strategic geopolitical position. As a key player in the Association of Southeast Asian Nations, it is targeted by nation state actors conducting espionage and geopolitical surveillance. This creates a complex threat environment where businesses often find themselves caught in the crossfire of international rivalries.

Rapid digital transformation also plays a crucial role. Thai companies have adopted digital technologies at a swift pace. However, security implementation has often lagged behind this rapid adoption. This gap creates exploitable vulnerabilities that threat actors are quick to exploit. Furthermore, the country has a diverse industrial base. High value sectors such as energy, automotive manufacturing, and healthcare make Thailand a ripe target for both economic and cyber espionage attacks. The integration of Thailand into global logistics and production chains further exposes it to third party and supply chain compromises.

Geopolitical Frictions Spilling into the Digital Realm

The rise in corporate disinformation is not occurring in a vacuum. It is deeply intertwined with rising geopolitical tensions in the region. Recent bilateral disputes have demonstrated how quickly political conflicts can migrate into cyberspace. For instance, tensions between Thailand and Cambodia following a border clash in May 2025 rapidly spread to digital platforms. Both sides traded accusations of cyberattacks, disinformation, and complicity in cybercrime. This evolution of conflict marks a dangerous new precedent for relations in the region.

These clashes have direct implications for the corporate sector. During the disputes, threat actors launched Distributed Denial of Service attacks against websites of Thai government, military, and private sector institutions. Disinformation played a central role in these hostilities. The Thai government had to warn citizens about fake news stories claiming that Thailand was preparing to invade Cambodia. Conversely, Cambodian officials warned their citizens about fake news originating from foreign sources, including Thailand. Some of this content was reportedly generated using artificial intelligence to impersonate institutions and leaders. This use of AI to create convincing false narratives represents a significant escalation in the sophistication of threats facing businesses and the public alike.

The Impact of Regional Power Struggles

Thailand’s neutral stance in the broader rivalry between the United States and China draws cyber espionage from both geopolitical blocs. Each side seeks to influence policy and economic alignment to its advantage. Proximity to regional conflicts, such as instability in Myanmar and tensions in the South China Sea, heightens cyber operations targeting Thailand for surveillance and disruption. Defense and intelligence partnerships, such as participation in military exercises, make Thai defense entities and government contractors high value targets for state sponsored hackers.

Threat intelligence reports indicate a sharp spike in cyber campaigns targeting Thailand in 2024. Analysts observed a 240 percent increase in campaigns compared to the previous year. This surge reflects heightened geopolitical tensions and increased targeting of strategic sectors. While 2025 has shown fewer campaigns so far, experts expect threat activity to evolve. Data reveals that over 70 percent of threat actors targeting Thailand originate from China and Russia. This indicates a strong nation state interest in Thailand’s geopolitical and economic posture. North Korea also contributes significantly, reflecting financially motivated cyber operations rather than purely political ones.

The Internal Threat Landscape

While external threats garner significant attention, security experts are increasingly worried about internal vulnerabilities. The World Security Report predicts that the leaking of sensitive information will be the primary internal threat to monitor closely in the coming year. This issue is compounded by the finding that economic instability is cited as a primary threat by 53 percent of respondents. Komol Panmongkol, Country Manager of G4S Thailand, argued that businesses must shift their perspective on security in response to these pressures.

Komol Panmongkol stated that with economic instability cited as a primary threat, businesses must shift their perspective on security. It must evolve from a support function into a core corporate strategy.

This cultural shift is necessary because the traditional siloed approach to security is no longer effective. Disinformation campaigns often exploit internal divisions or disgruntled employees to leak damaging information. The line between external hacking and internal leakage is increasingly blurred. Social engineering tactics are used to manipulate staff into divulging credentials or proprietary data. This human element remains the weakest link in the security chain for many Thai corporations.

State Sponsored Cyber Operations and Civil Society

The disinformation threat in Thailand extends beyond the corporate world into civil society. Recent investigations have uncovered evidence of state sponsored campaigns targeting human rights organizations. Amnesty International has called on Thai authorities to investigate and end cyberattacks against activists. Leaked internal government documents revealed that Thai police and military units are jointly running a Cyber Team. This team deliberately seeks to tarnish the reputations and undermine the work of civil society organizations and political opposition members. The documents identified Amnesty International as a high value target.

These operations involve phishing attacks and brute force attempts to access social media accounts. The Cyber Team disseminates harmful and defamatory content online to discredit critics. For example, in response to posts about the excessive use of force against protesters, the team instructed officials to respond by portraying the protesters as violent. This kind of coordinated inauthentic behavior erodes trust in digital platforms and creates a toxic information environment. It also sets a dangerous precedent where state resources are used to conduct disinformation campaigns against perceived enemies. For businesses, this blurring of lines between state security operations and cybercrime creates a complex legal and risk management challenge.

The Weaponization of Climate and Identity

Disinformation in Thailand has proven to be a versatile weapon. It is not limited to corporate espionage or political maneuvering. Researchers have identified a disturbing trend of climate disinformation used to undermine Indigenous identity. Authorities and corporate actors are using false narratives to negate Indigenous identities and dispossess communities of their rights. This form of disinformation relies on malinformation, which is the weaponization of selective truths. By highlighting fragments of fact while omitting critical context, malicious actors make falsehoods appear credible and difficult to challenge.

These narratives serve to delegitimize Indigenous knowledge systems. They reduce Indigenous peoples to obstacles instead of rights holders and knowledge bearers. The result is a flood of stories that present government conservation projects and corporate green initiatives as inherently progressive. Simultaneously, Indigenous traditions are labeled as backward or destructive. This has tangible impacts. It drives the criminalization of Indigenous livelihoods and paves the way for forced evictions under the guise of ecological restoration. When mainstream and social media portray Indigenous peoples as security risks or obstacles to development, it legitimizes harassment and physical attacks. This illustrates the broad societal risks posed by the unchecked spread of disinformation.

Technical Challenges and Ransomware Surge

Alongside the rise of disinformation, Thailand faces a surge in traditional cyber threats. Ransomware attacks have become increasingly prevalent. Data shows a sharp increase in ransomware victims in 2023, with a fivefold rise compared to the previous year. While 2024 saw a decline, the trend remains elevated. Ransomware groups such as LockBit3 account for a significant portion of this activity. LockBit3 alone was responsible for over half of the ransomware activity observed in Thailand. Other active groups like RansomHub and Qilin reflect the expanding Ransomware as a Service ecosystem.

The most targeted technology for these attacks is web applications. These assets expose critical business and customer facing data. Operating systems and databases follow closely, indicating attempts to compromise core infrastructure. This trend highlights the urgent need for application layer security and continuous threat monitoring. The diversity of malware families targeting Thailand is also concerning. Security analysts have observed Cl0p Ransomware, Commodity Malware, and NukeSped RAT being the most prevalent. This mix reflects both financially motivated ransomware operations and state linked espionage campaigns. The presence of tools like Cobalt Strike and PlugX RAT signals advanced, persistent intrusions that require deep threat visibility to detect.

Strategies for Resilience

To navigate the crisis of disinformation and global instability, experts suggest a multi layered approach to security. The World Security Report outlines three key pillars for resilience. The first is the integration of advanced technology. Companies are advised to invest in artificial intelligence and digital solutions. These tools can help rapidly detect and counter disinformation campaigns before they gain traction. AI can analyze patterns in data to identify synthetic media or coordinated bot activity that humans might miss.

The second pillar is to upskill personnel. Training frontline staff to master security technology is essential. Employees must be educated to stay ahead of cyber tactics. This includes recognizing phishing attempts and understanding the role they play in safeguarding information. The third pillar is to foster a security culture. Security must be seen as everyone’s responsibility, not just the job of a single department. This cultural shift ensures that vigilance is maintained across all levels of the organization.

Global surveys indicate that the spread of disinformation to influence public opinion is considered the top threat worldwide, tying with the fear of being hacked. This consensus underscores the urgency of the situation. As Thailand continues to cement its position as a digital and economic hub, the stakes will only rise. Businesses must adapt to this new reality where information itself is a battlefield. The ability to discern truth from falsehood has become a critical corporate asset. Companies that fail to build resilience against these threats risk severe financial and reputational damage.

Key Points

• Thailand ranks second globally for corporate disinformation threats.
• 78 percent of medium to large Thai companies were targeted by misinformation or disinformation in the past year.
• Threat actors driven by disinformation comprise over half of the threats in 60 percent of cases.
• Geopolitical tensions between the US and China, as well as regional disputes with Cambodia, fuel the cyber threat landscape.
• State sponsored cyber operations have targeted civil society groups and activists.
• Ransomware attacks surged in Thailand, with LockBit3 dominating the activity.
• Web applications are the most targeted technology, requiring better application layer security.
• Experts recommend investing in AI technology, upskilling staff, and fostering a security culture to combat these threats.
• Climate disinformation is being used to undermine Indigenous rights and identity.
• Disinformation and hacking are viewed as the top global threats by 77 percent of people surveyed.