The recent joint operation spearheaded by Group-IB, in conjunction with the Royal Thai Police and Singapore Police Force, has culminated in the apprehension of a notorious hacker accountable for more than 90 data breaches spanning 25 countries. The hacker, known by multiple aliases such as ALTDOS, DESORDEN, GHOSTR, and 0mid16B, targeted a diverse array of industries including healthcare, government agencies, and multinational corporations. From 2020 to 2025, the hacker managed to siphon off a staggering 13 terabytes of sensitive data, inflicting substantial harm on businesses and individuals worldwide.
Initially operating under the moniker ALTDOS, the hacker directed their attacks towards entities in Thailand, employing techniques like SQL injection and exploiting vulnerabilities in Remote Desktop Protocol (RDP) servers to breach networks and pilfer data for subsequent sale on dark web platforms. Unlike conventional ransomware perpetrators, this hacker prioritized data theft and extortion, leveraging the threat of leaking sensitive information unless their demands were met. In 2022, the hacker followed through on their threat by disclosing 8 million customer records from a Thai e-commerce platform after it refused to accede to their demands.
Transitioning to the identity of DESORDEN in 2023, the hacker broadened their scope of operations to encompass the Asia-Pacific region, homing in on healthcare and financial institutions. Analysts from Group-IB observed a marked enhancement in the hacker’s sophistication, evidenced by tactics such as deploying CobaltStrike beacons for persistent access and minimizing lateral movement within networks. Over the course of their operations, the hacker managed to pilfer 9.5 million patient records, which were subsequently peddled on platforms like BreachForums in exchange for cryptocurrency. The hacker’s reach also extended to Western nations like the UK and Canada, where their incursions compromised the personal and financial data of millions.
The apprehension of the hacker represents a pivotal milestone in the global drive to combat dark web crime syndicates. Confiscation of electronic devices and luxury items procured with ill-gotten gains from data sales underscore the severity of the illicit activities undertaken by the hacker. Legal experts anticipate stringent penalties to be levied in accordance with Thailand’s Computer Crimes Act and Singapore’s Cybersecurity Act. This case serves to underscore the indispensable nature of public-private partnerships in the fight against cybercrime, advocating for the adoption of proactive cybersecurity measures such as patching RDP vulnerabilities and thoroughly vetting third-party access.
In conclusion, the collaborative efforts of Group-IB, the Royal Thai Police, and the Singapore Police Force have culminated in a significant victory against cybercrime, underscoring the imperative of continued vigilance in safeguarding digital assets from malevolent actors.