- This Lenovo is my surprise pick for best productivity laptop - and it doesn't look boring
- I've tested dozens of cameras - and this is the one I recommend for new photographers
- Old Vulnerabilities Among the Most Widely Exploited
- Google just gave Pixel Watch its most important update yet - and it's free to use
- Prioridades de los líderes TI en materia de IA: productividad por encima de la innovación
Prolific Data Extortion Actor Arrested in Thailand
Law enforcement have arrested one of the most notorious cybercriminals operating in the Asia-Pacific region.
The joint operation was carried out by Royal Thai Police and the Singapore Police Force with the support of cybersecurity company Group-IB. The individual was arrested in Thailand.
The 39-year-old man, who has used several aliases including Altdos, Desorden, Ghostr and 0mid16B, is allegedly responsible for more than 90 instances of data extortion attacks worldwide.
This includes 65 incidents across the Asia-Pacific region, with other targets including organizations in the UK, US, Canada and Middle East.
Victims Pressured into Paying
These incidents resulted in over 13TB of personal data being sold on the dark web.
The main purpose of the attacks was to exfiltrate compromised databases containing personal data and to demand payment for not disclosing it to the public.
Read now: Only a Fifth of Ransomware Attacks Now Encrypt Data
He used a range of tactics to pressure the victim to pay, exerting significant reputational and financial damage in the process. This included notifying the media or personal data protection regulators of the breach, publishing the stolen data on dark web forums and sending direct customer notifications via email or instant messages.
On rare occasions, he was even observed encrypting the victim’s databases.
During the operation, the Royal Thai Police seized several laptops and electronic devices, as well as a large number of luxury goods that were allegedly purchased with the proceeds of the data extortion activities.
Dmitry Volkov, CEO at Group-IB, commented: “This case highlights the evolution of cybercriminal tactics, not just through technical exploits, but through coercion, intimidation and reputational threats.”
He added: “We are proud to have assisted the Royal Thai Police and the Singapore Police Force, and we are grateful for their efforts in bringing the cybercriminal to justice.”
One of the “Most Active Cybercriminals” in the Asia-Pacific
Group-IB described the individual as “one of the most active cybercriminals in the Asia-Pacific since 2021.”
He first emerged under the alias Altdos, mostly targeting victim organizations based in Thailand.
He expanded his operations beyond Thailand and began publishing data leaks on popular dark web forums.
“He was highly regarded on data leak forums as an owner of a large number of unique data leaks, and commanded a higher price for the leaked data,” Group-IB wrote.
The attackers targeted organizations across a wide range of industries, including healthcare, retail, property investment, finance, hospitality and insurance.
The individual changed his aliases a number of times to hinder the ability of researchers and law enforcement to investigate his activities.
To compromise victims, the threat actor leveraged SQL injection tools like sqlmap and exploited vulnerable Remote Desktop Protocol (RDP) servers.
He would then a beacon of a cracked version of the Cobalt Strike pentesting toolkit to control compromised servers.
Group-IB said it did not observe the actor performing significant lateral movement, focusing on quickly exfiltrating data to rented cloud servers.
