Suspected Desorden hacker arrested for breaching 90 organizations

A suspected cyber criminal believed to have extorted companies under the name "DESORDEN Group" or "ALTDOS" has been arrested in Thailand for leaking the stolen data of over 90 organizations worldwide.

The suspect was arrested in Bangkok through a law enforcement operation by the Royal Thai Police and the Singapore Police Force, with the help of experts from Group-IB.

The cybercriminal, who operated since 2020 under multiple aliases such as ALTDOS, DESORDEN, GHOSTR, and 0mid16B, stole and leaked/sold over 13TB of personal data from the organizations. "The main goal of his attacks was to exfiltrate the compromised databases containing personal data and to demand payment for not disclosing it to the public," reads the Group-IB press release.

Group-IB says the hacker was "one of the most active cybercriminals in the Asia-Pacific since 2021," targeting entities primarily in Thailand, Singapore, Malaysia, Indonesia, and India. The cybercriminal also impacted companies in Europe and North America, with 20 data leaks concerning organizations in those regions.

One notable case from when the hacker operated under the 'Desorden' persona is the hack and data theft on Taiwanese computer giant Acer.

To breach corporate networks, the cybercriminal used 'sqlmap' for SQL injection attacks and exploited vulnerable Remote Desktop Protocol (RDP) servers to drop CobaltStrike beacons in the victim's environment. Despite the large number of breaches, Group-IB says the hacker did not perform significant lateral movement, instead focusing on quick data exfiltration onto cloud servers and victim extortion. Group-IB says the hacker's modus operandi was heavily focused on high-level blackmail, often contacting the press for maximum pressure on the victims.

Thai news outlet The Nation reports that the suspect is a 39-year-old man named Chia, who was arrested yesterday in Bangkok. According to the same outlet, Chia has already admitted his guilt, claiming that he worked alone, selling stolen data to buyers for $10,000.

The Thai Police's raid on the hacker's premises resulted in the confiscation of multiple items, including laptops and luxury goods believed to have been purchased with cybercrime proceeds. The suspect now faces multiple charges, including unauthorized access to protected computer systems and data, attempted extortion, and illegal residence.

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 27 Feb 2025 15:50:16 +0000

