SINGAPORE: A hacker suspected of carrying out a string of international data breaches was arrested in Thailand on Wednesday (Feb 26).

The 39-year-old man was caught following a collaboration between the Singapore Police Force (SPF) and the Royal Thai Police (RTP).

Investigations into the hacker’s activities began in 2020, when 11 victims in Singapore reported receiving ransom demands from possible multiple threat actors operating under identities such as ALTDOS, DESORDEN, GHOSTR, and 0mid16B, SPF said in a news release on Thursday.

Investigations revealed that the multiple aliases were likely to be connected to the same threat actor responsible for at least 75 cases worldwide.

"The threat actor is suspected to have exploited vulnerabilities in the victims’ networks before stealing the victims’ data," said SPF. 

"The threat actor is also suspected to have published the stolen data for sale online when victims failed to pay the ransom demanded."

Officers from the Criminal Investigation Department's (CID) cybercrime command worked closely with Thailand's Central Investigation Bureau (CIB) to share investigation findings related to the suspected threat actor, who is also believed to be responsible for a spate of data breach cases in Thailand, said SPF.

The identity of the man was established based on the leads uncovered, it added.

Following the man's arrest, assets valued at over 10 million baht (US$295,000) were seized, including laptops, mobile phones, luxury vehicles and branded bags.

The commander of SPF's cybercrime command assistant commissioner of police Paul Tay said: "In the cyber realm, international cooperation is crucial as cybercriminals do not respect borders." 

"The SPF is committed to working closely with our regional partners, and we thank the Royal Thai Police for their invaluable collaboration in taking down this criminal network and making our cyberspace safer."

Investigations are ongoing, SPF said.

THE HACKER

The alias ALTDOS first emerged in late 2020 when a securities trading firm in Thailand first fell victim to a data breach, according to a joint advisory by the Cyber Security Agency of Singapore (CSA), Personal Data Protection Commission (PDPC) and SPF.

Victims also include those from Singapore and Bangladesh, with ALTDOS targeting businesses for financial gains.

In August 2021, real estate agency OrangeTee & Tie received an email from ALTDOS, demanding a ransom of 10 Bitcoins for the safety and non-disclosure of the databases. The ransom demand also contained video footage of five databases purported to have been stolen.

The agency was then fined S$37,000 by PDPC after it found several lapses that led to the personal data of more than 250,000 customers and employees being compromised.

In another joint advisory, authorities noted that GHOSTR emerged in August 2023, focusing on entities in Southeast Asia. It was known for stealing, demanding ransom and selling confidential information belonging to its victims.