A suspected cybercriminal believed to have extorted companies under the names “DESORDEN Group” or “ALTDOS” has been arrested in Thailand for leaking the stolen data of over 90 organizations worldwide.
The suspect was arrested in Bangkok in a law enforcement operation by the Royal Thai Police and the Singapore Police Force, with the assistance of specialists from Group-IB.
The cybercriminal, who operated since 2020 under several aliases such as ALTDOS, DESORDEN, GHOSTR, and 0mid16B, stole and leaked or sold over 13TB of personal data from the organizations.
Group-IB says the hacker was “one of the most active cybercriminals in the Asia-Pacific since 2021,” targeting entities primarily in Thailand, Singapore, Malaysia, Indonesia, and India.
The cybercriminal also impacted companies in Europe and North America, with 20 data leaks concerning organizations in those regions.

Source: Group-IB
The cybersecurity firm noted that the threat actor was particularly evasive, and his practice of switching to new aliases and online personas so often complicated investigations and delayed tracking him down.
Group-IB says the hacker’s modus operandi was heavily focused on high-level blackmail, often contacting the press to put maximum pressure on the victims.
“The main goal of his attacks was to exfiltrate the compromised databases containing personal data and to demand payment for not disclosing it to the public,” reads the Group-IB press release.
“If the victim refused to pay, he did not announce the leaks on dark web forums. Instead, he notified the media or personal data protection regulators, with the aim of causing greater reputational and financial damage to his victims.”
The hacker also resorted to emailing his victims’ customers and, in rare cases, even encrypted the compromised company’s databases.
One notable case from when the hacker operated under the ‘Desorden’ persona is the hack and data theft at Taiwanese computer giant Acer.

Source: Group-IB
To breach corporate networks, the cybercriminal used ‘sqlmap’ for SQL injection attacks and exploited vulnerable Remote Desktop Protocol (RDP) servers to drop Cobalt Strike beacons in the victim’s environment.
Cobalt Strike is a legitimate but widely abused penetration testing suite, with cracked versions used by cybercriminals to conduct malicious activity in breached environments.
Despite the large number of breaches, Group-IB says the hacker did not perform significant lateral movement, instead focusing on quick data exfiltration to cloud servers and victim extortion.
The Thai Police’s raid on the hacker’s premises resulted in the confiscation of several items, including laptops and luxury goods believed to have been purchased with cybercrime proceeds.

Source: Group-IB
Thai news outlet The Nation reports that the suspect is a 39-year-old man named Chia, who was arrested yesterday in Bangkok.
According to the same outlet, Chia has already admitted his guilt, claiming that he worked alone, selling stolen data to buyers for $10,000.
The suspect now faces several charges, including unauthorized access to protected computer systems and data, attempted extortion, and illegal residence.
