A 39-year-old Singaporean man accused of being a hacker responsible for over 90 data leaks has been arrested in Thailand.
According to the Singapore-based cybersecurity firm Group-IB, which assisted the investigation of Singapore and Thailand law enforcement agencies, the suspect has been active on the cybercrime scene since 2020.
He initially used the online moniker ‘Altdos’, then changed it to ‘Desorden’ in 2021, ‘Ghostr’ in 2023, and ‘Omid16B’ in 2024.
Changing his nickname has made it more difficult to track his online activities, but Group-IB said his writing style, the format of his online posts, and preferences for certain data sharing sites, chat applications and targeted regions allowed investigators to connect his attacks.
“To attack victims, the cybercriminal leveraged SQL injection tools like sqlmap and exploited vulnerable Remote Desktop Protocol (RDP) servers to gain unauthorized access to sensitive data,” Group-IB said. “The cybercriminal then installed a beacon of a cracked version of the CobaltStrike to control compromised servers.”
The hacker is believed to have carried out dozens of attacks. The security firm is aware of more than 90 data leaks impacting organizations around the world. While a majority of his victims were organizations in the APAC region — he has been described as one of the most active cybercriminals in this region — he has also targeted companies in North America and Europe.
Victims included organizations in sectors such as healthcare, finance, retail, property investment, hospitality, e-commerce, technology, logistics, and insurance.
The hacker exfiltrated sensitive data from the targeted organization’s databases, and then attempted to convince the victim to pay a ransom to avoid having the data made public.
Initially he did not announce the data breaches on dark web forums and instead notified the media or data protection regulators to put pressure on the victim. In some cases he also contacted the victim’s customers and even encrypted the victim’s data to increase the chances of getting paid.
Later he started to announce leaks on hacker forums, where he offered to sell the stolen files for a significant price — the minimum was $10,000, according to the Bangkok Post.
The Thai news outlet reported that the suspect has only been identified as Chingwei, and that police were able to find his location in Thailand based on an X account used by the hacker.
He is believed to have made a significant amount of money from the sale of the data, investigators finding many luxury goods at the residence where he was arrested.
Related: Hacker Who Targeted NATO, US Army Arrested in Spain
Related: 2 Arrested in Takedown of Nulled, Cracked Hacking Forums
Related: LockBit Ransomware Developer Arrested in Israel at Request of US
