A suspected cyber criminal believed to have extorted companies under the names "DESORDEN Group" and "ALTDOS" has been arrested in Thailand for leaking the stolen data of over 90 organizations worldwide.

The suspect was arrested in Bangkok in a law enforcement operation by the Royal Thai Police and the Singapore Police Force, with the help of experts from Group-IB.

The cybercriminal, who had operated since 2020 under multiple aliases, including ALTDOS, DESORDEN, GHOSTR, and 0mid16B, stole and then leaked or sold over 13 TB of personal data taken from the victim organizations.

Group-IB says the hacker was "one of the most active cybercriminals in the Asia-Pacific since 2021," targeting entities primarily in Thailand, Singapore, Malaysia, Indonesia, and India. The cybercriminal also hit companies in Europe and North America, with 20 data leaks concerning organizations in those regions.

One notable case from the period when the hacker operated under the 'Desorden' persona is the hack and data theft at Taiwanese computer giant Acer.

"The main goal of his attacks was to exfiltrate the compromised databases containing personal data and to demand payment for not disclosing it to the public," reads the Group-IB press release.

To breach corporate networks, the cybercriminal used 'sqlmap' for SQL injection attacks against exposed web applications and exploited vulnerable Remote Desktop Protocol (RDP) servers to drop Cobalt Strike beacons in the victim's environment.

Despite the large number of breaches, Group-IB says the hacker did not perform significant lateral movement, instead focusing on quick data exfiltration to cloud servers followed by extortion of the victim. Group-IB says the hacker's modus operandi was heavily focused on high-level blackmail, often contacting the press to put maximum pressure on the victims.

The Thai Police's raid on the hacker's premises resulted in the confiscation of multiple items, including laptops and luxury goods believed to have been purchased with cybercrime proceeds.

The suspect now faces multiple charges, including unauthorized access to protected computer systems and data, attempted extortion, and illegal residence.

Thai news outlet The Nation reports that the suspect is a 39-year-old man named Chia, who was arrested yesterday in Bangkok. According to the same outlet, Chia has already admitted his guilt, claiming that he worked alone and sold stolen data to buyers for $10,000.

By Bill Toulas
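Group-IB's description of the intrusion tooling, sqlmap run against exposed web applications in particular, describes activity that leaves a recognisable trail in web server access logs. The following Python script is an added example written for this page; it is not code from the article, from Group-IB, or from the investigation. It parses a few constructed lines in the Apache/nginx "combined" log format, flags requests whose User-Agent carries sqlmap's default banner, and, because sqlmap can be run with a randomised User-Agent, also scores the URL-decoded request target against common SQL injection probe patterns (time delays, UNION SELECT, boolean tautologies, ORDER BY column enumeration) per source address. The IP addresses, paths, log lines and the alert threshold are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Apache/nginx "combined" format). Not real traffic;
# the addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = r'''
203.0.113.7 - - [27/Feb/2025:10:01:02 +0000] "GET /item.php?id=5 HTTP/1.1" 200 1532 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [27/Feb/2025:10:01:03 +0000] "GET /item.php?id=5%27%20AND%201%3D1--%20 HTTP/1.1" 200 1532 "-" "sqlmap/1.8.12#stable (https://sqlmap.org)"
203.0.113.7 - - [27/Feb/2025:10:01:03 +0000] "GET /item.php?id=5%27%20AND%20SLEEP%285%29--%20 HTTP/1.1" 200 1532 "-" "sqlmap/1.8.12#stable (https://sqlmap.org)"
203.0.113.7 - - [27/Feb/2025:10:01:04 +0000] "GET /item.php?id=5%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL-- HTTP/1.1" 500 412 "-" "sqlmap/1.8.12#stable (https://sqlmap.org)"
198.51.100.23 - - [27/Feb/2025:10:02:10 +0000] "GET /item.php?id=7%27%20AND%20%28SELECT%20%2A%20FROM%20%28SELECT%28SLEEP%285%29%29%29a%29--%20 HTTP/1.1" 200 1532 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
198.51.100.23 - - [27/Feb/2025:10:02:11 +0000] "GET /item.php?id=7%20ORDER%20BY%2010--%20 HTTP/1.1" 500 412 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
192.0.2.55 - - [27/Feb/2025:10:03:00 +0000] "GET /item.php?id=9 HTTP/1.1" 200 1532 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_0)"
192.0.2.55 - - [27/Feb/2025:10:03:01 +0000] "GET /search.php?q=o%27neil HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_0)"
'''

# One "combined" log line: ip ident user [timestamp] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Probe patterns, matched against the URL-decoded, lower-cased request target.
SQLI_PATTERNS = [
    re.compile(r"\bunion\s+(all\s+)?select\b"),     # UNION-based extraction
    re.compile(r"\bsleep\s*\("),                    # MySQL time-based blind
    re.compile(r"\bwaitfor\s+delay\b"),             # MSSQL time-based blind
    re.compile(r"\bbenchmark\s*\("),                # MySQL CPU-based blind
    re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+"),      # boolean tautology probes such as AND 1=1
    re.compile(r"\border\s+by\s+\d+"),              # column-count enumeration
]


def is_sqli_probe(path: str) -> bool:
    """True if the decoded request target contains a known injection probe pattern."""
    decoded = unquote_plus(path).lower()
    return any(p.search(decoded) for p in SQLI_PATTERNS)


def analyze(log_text: str, payload_threshold: int = 2) -> dict:
    """Return per-source-IP counters plus a verdict.

    'sqlmap'     : at least one request carried sqlmap's default User-Agent banner
    'sqli-probe' : no banner, but payload_threshold or more requests matched probe patterns
    'clean'      : neither signal
    The threshold is an illustrative value; tune it to the application's normal traffic.
    """
    stats = defaultdict(lambda: {"requests": 0, "sqlmap_ua": 0, "sqli_payloads": 0})
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        s = stats[m["ip"]]
        s["requests"] += 1
        if "sqlmap" in m["ua"].lower():
            s["sqlmap_ua"] += 1
        if is_sqli_probe(m["path"]):
            s["sqli_payloads"] += 1
    for s in stats.values():
        if s["sqlmap_ua"]:
            s["verdict"] = "sqlmap"
        elif s["sqli_payloads"] >= payload_threshold:
            s["verdict"] = "sqli-probe"
        else:
            s["verdict"] = "clean"
    return dict(stats)


if __name__ == "__main__":
    for ip, s in analyze(SAMPLE_LOG).items():
        print(f"{ip:15} requests={s['requests']} sqlmap_ua={s['sqlmap_ua']} "
              f"sqli_payloads={s['sqli_payloads']} -> {s['verdict']}")
```

The User-Agent banner is the cheap signal and the first thing an operator turns off (sqlmap's `--random-agent` option replaces it with a browser string), which is why the second source in the sample, sending MySQL SLEEP() and ORDER BY probes behind a Windows browser User-Agent, is still caught by the payload scoring. Pattern matching on a single request is noisy; counting matches per source over a window, as the script does, keeps a one-off apostrophe in a search term from raising an alert.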
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 27 Feb 2025 15:50:16 +0000