DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

ALTDOS claims some of their servers were seized but they did not lose data

Posted on September 6, 2021 by Dissent

It would be great if the good guys had backups as good as the threat actors have.

Threat actors who call themselves “ALTDOS” have re-emerged after a brief hiatus that had left this site wondering if something had happened to them following a joint advisory about them.

ALTDOS has attacked a number of ASEAN firms, as DataBreaches.net has documented over a series of posts and reports.  Most recently, ALTDOS had started disclosing a breach involving OT Group/OrangeTee in Singapore, and had indicated that they would be dumping data. But they suddenly went silent three days after a joint advisory was issued about them by law enforcement, and they did not respond to any inquiries from this site, which has not been their usual pattern.

In an email to DataBreaches.net yesterday responding to this site’s inquiries about the joint advisory and the OrangeTee attack, they wrote:

The last email we sent to OT Group included many videos of subsequent breaches until 26th August 2021, 2 weeks after OT Group announced the breach publicly. Servers containing some data and the videos were seized shortly after ALTDOS emailed them on 27th August.

A copy of that email was provided to DataBreaches.net. It informed OT Group/OrangeTee that there were videos showing continued access and exfiltration up through August 26, weeks after the firm had publicly acknowledged awareness of the hack. A copy of the videos was uploaded to a file-sharing site for OT Group to download. That file was no longer available when DataBreaches.net tried the link in the email.

The email also threatened, in part, to distribute the videos to regulators and media, along with data from OrangeTee. That approach — of publicly trying to embarrass companies  and notifying media to help increase embarrassment or pressure– has been a consistent element across all of the ALTDOS ASEAN attacks that DataBreaches.net is aware of. But their email to OT Group also gave this site an indication of how much extortion ALTDOS demanded of these victims:

ALTDOS shall give your management one last opportunity to save yourself from this mess once we publish the breach videos and databases. ALTDOS will take a step back on the numbers. Instead of initial asking of 10 BTC, OT Group can choose to pay just 1 BTC and ALTDOS will disappear entirely without leaking any videos or data.

Three days after the joint advisory, and less than one day after that email to OT Group/OrangeTee, some of their servers were seized, ALTDOS claims.

It appears that OT Group did not decide to pay the 1 BTC, as ALTDOS started dumping data. Re-appearing on a popular forum to dump some of it, they noted the seizure as the cause of their delay:

We took some time to begin the leak due to technical issues arising from the seizure of some of our servers, which caused partial data corruption during sync. ALTDOS  has already recovered our databases.

In a statement to DataBreaches.net, the threat actors responded to an inquiry from this site as to who had seized their servers and under what authority:

ALTDOS does not know specifically which authority seized the servers, only received emails from the server company that our 3 servers were seized by authorities and requested more information from ALTDOS in the event where ALTDOS wants the data backup.

The threat actors wrote that they were not concerned about the seizure:

ALTDOS has incremental backups performed across different servers, not a concern in case of seizures. Only require extra time to recover the full data which has already been completed.

DataBreaches.net has reached out to CSA Singapore and the PDPC to inquire as to who seized the servers, but no response was immediately forthcoming other than auto-acknowledgements from both agencies. The Singapore Police, who were involved in the joint advisory, do not have any statement on their site that would indicate their involvement in the seizure. It is possible, of course, that the seizure is not related to Singapore authorities but to some other authority related to non-Singapore victims, but the timeframe seems to suggest relationship to the OrangeTee incident.

This post will be updated if or when more information becomes available, but DataBreaches.net’s reply email to ALTDOS has bounced back that their email address, which had been working as of several hours ago, no longer exists.

Related posts:

  • Forbes Breach Email Statistics
  • ASEAN companies still targeted by ALTDOS threat actors
  • Singapore real estate firm breached by ALTDOS
  • From the frying pan into the fire: Thai business angers hackers
Category: Breach IncidentsBusiness SectorHackNon-U.S.

Post navigation

← TrickBot gang member arrested after getting stuck in South Korea due to COVID-19 pandemic
Ma: Personal Data of 2 Million Moroccans Leaked Online →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.