A coordinated effort between law enforcement in Thailand, Singapore, and cybersecurity firm Group-IB has led to the arrest of a prolific hacker tied to more than 90 data breaches worldwide.
The individual, operating under several online identities including GHOSTR, ALTDOS, DESORDEN, and 0mid16B, reportedly stole and sold over 13 terabytes of sensitive information, including government agency records, on dark web markets. The accused hacker was also an active member of the notorious cybercrime and data breach platform Breach Forums.
Active since at least 2020, the hacker targeted organizations across Asia-Pacific countries such as Thailand, Singapore, Malaysia, Pakistan and India, later expanding to Europe, North America, and the Middle East. Victims spanned industries including healthcare, finance, e-commerce, and logistics.
Initially, they pressured companies by threatening to leak stolen data unless paid, often alerting media or regulators if demands were ignored. Later, they moved to selling databases on dark web forums, gaining a reputation for high-quality leaks and commanding premium prices. In some cases, they even emailed customers directly to pressure companies into compliance.
According to Group-IB's press release published on Thursday, the hacker exploited common vulnerabilities to infiltrate systems. They used tools like sqlmap to execute SQL injections, a technique that abuses a website's unsanitised input to reach its backend database, and breached poorly secured Remote Desktop Protocol (RDP) servers.
Once inside, they deployed a modified version of the penetration-testing tool CobaltStrike to maintain control of compromised networks. The extracted data was then copied to cloud servers for extortion purposes.
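The sqlmap-driven SQL injection described above leaves recognisable traces in ordinary web server access logs, which is where a defender would look first. The following Python scanner is an added example, not code from the article or from Group-IB: it parses constructed combined-format log lines, URL-decodes the request path, and flags the classic injection signatures (boolean tautologies, UNION SELECT, time-based delays, comment terminators) plus the default sqlmap User-Agent prefix. The log lines, IP addresses and paths are invented for the example, and the User-Agent check assumes sqlmap's default string, which operators can change, so the signatures are a starting point for detection rather than a complete rule set.

```python
import re
from collections import Counter
from typing import Dict, List, Optional
from urllib.parse import unquote_plus

# Constructed sample log lines in Apache/Nginx combined format.
# 203.0.113.10 runs a sqlmap-style probe; 198.51.100.7 sends a manual time-based payload.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2025:10:01:22 +0000] "GET /products?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2025:10:01:25 +0000] "GET /products?id=42%27%20AND%201%3D1-- HTTP/1.1" 200 5120 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
203.0.113.10 - - [10/Mar/2025:10:01:26 +0000] "GET /products?id=42%20UNION%20ALL%20SELECT%20NULL%2CNULL-- HTTP/1.1" 500 312 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
198.51.100.7 - - [10/Mar/2025:10:02:01 +0000] "GET /search?q=red%20shoes HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2025:10:02:05 +0000] "GET /search?q=x%27%20OR%20SLEEP%285%29-- HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Signatures are matched against the URL-decoded path and query string.
SQLI_PATTERNS = [
    ("union_select", re.compile(r"\bunion\b.{0,20}\bselect\b", re.I)),
    ("boolean_tautology", re.compile(r"'\s*(?:and|or)\s+\d+\s*=\s*\d+", re.I)),
    ("time_based", re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)),
    ("comment_terminator", re.compile(r"(?:--|#|/\*)\s*$")),
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into fields; None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify_request(path: str, user_agent: str) -> List[str]:
    """Return the names of every injection indicator present in a request."""
    indicators = []
    # Assumption: default sqlmap User-Agent starts with "sqlmap/"; easily changed by an operator.
    if user_agent.lower().startswith("sqlmap"):
        indicators.append("sqlmap_user_agent")
    decoded = unquote_plus(path)  # decode %27, %20, + etc. before signature matching
    for name, pattern in SQLI_PATTERNS:
        if pattern.search(decoded):
            indicators.append(name)
    return indicators


def analyze_log(text: str) -> List[Dict]:
    """Scan a log text and return one finding per request that carries indicators."""
    findings = []
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # unparseable line; a real pipeline would count these separately
        hits = classify_request(rec["path"], rec["ua"])
        if hits:
            findings.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "path": unquote_plus(rec["path"]),
                "status": int(rec["status"]),
                "indicators": hits,
            })
    return findings


def count_by_source(findings: List[Dict]) -> Dict[str, int]:
    """Number of flagged requests per source IP, useful for prioritising a block or investigation."""
    return dict(Counter(f["ip"] for f in findings))


if __name__ == "__main__":
    results = analyze_log(SAMPLE_LOG)
    for f in results:
        print(f"{f['ts']} {f['ip']} {f['status']} {f['path']} -> {', '.join(f['indicators'])}")
    print("flagged requests per source:", count_by_source(results))
```

Run on the embedded sample, the scanner flags three of the five requests and attributes two of them to the sqlmap source. Note the design choice of matching on the decoded path: encoded payloads such as `%27%20OR` are the norm, so matching raw log text would miss most probes. The same approach, a parser plus a small signature table, applies to the RDP side of the story, where the equivalent signal is a burst of failed logons from one source on a server exposed to the internet.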
Multiple Identities, Difficult to Track
Investigators faced challenges because the hacker frequently changed aliases and tactics. Group-IB's teams linked the identities by analyzing writing styles, post formats, and target preferences across dark web forums. For example, the ALTDOS persona focused on Thai victims in 2020, whereas DESORDEN later targeted organizations in the following sectors:
- Retail
- Finance
- Logistics
- Insurance
- Healthcare
- Hospitality
- Recruitment
- Technology
- E-commerce
- Property investment
Despite bans from forums for scams and fake accounts, the hacker continued operating under new names until their trail of online activity led authorities to their real-world identity.
During the arrest, Thai authorities confiscated several laptops, digital devices, and numerous luxury items purchased with proceeds from the data sales.
Group-IB's role in mapping the hacker's activity across aliases demonstrates how behavioural patterns and technical clues can unmask even the most persistent cyber criminals. The company's threat intelligence also brings to mind the Brazilian hacker USDoD, who was tracked down after CrowdStrike uncovered his real identity, leading to his arrest.