He called himself ALTDOS when he first contacted DataBreaches in 2020. In 2021 he started contacting this site as DESORDEN. Then in 2024, he contacted this site as GHOSTR, and more recently, as 0mid16B. Under each new moniker, he denied being the individual DataBreaches knew under previous monikers, even though based on his targets, his approach to proof of claims, and his extortion approaches, it seemed pretty obvious it was the same threat actor.
Now he has been caught. Group-IB, who assisted law enforcement in catching him, reports:
Group-IB’s Threat Intelligence and High-Tech Crime Investigation teams located in the Digital Crime Resistance Centers (DCRCs) in Thailand and Singapore have been tracking the cybercriminal since 2020. He first emerged under the alias ALTDOS with victims mostly in Thailand. The main goal of his attacks was to exfiltrate the compromised databases containing personal data and to demand payment for not disclosing it to the public. If the victim refused to pay, he did not announce the leaks on dark web forums. Instead he notified the media or personal data protection regulators, with the aim of inflicting greater reputational and financial damage on his victims.
Later he also asserted pressure on his victims by sending direct customer notifications via email or via instant messengers to force them into submission. In rare occasions, Group-IB has also observed the cybercriminal encrypting the victim’s databases.
Relatively quickly he expanded the victim geography beyond Thailand and started to publish data leaks to be sold on popular dark web forums. He was highly regarded on data leak forums as an owner of a large number of unique data leaks, and commanded a higher price for the leaked data.
Read more at Group-IB .
The Nation reports:
Thai police have arrested an allegedly notorious Singaporean hacker, known globally as Desorden GhostR, in Bangkok. The arrest was carried out with cooperation from Singaporean authorities.
Pol Col Panupat Kittipan, commander of Technology Crime Suppression Subdivision 1, stated that the suspect, identified as Chia, 39, was apprehended at a residence in the Gusto Grand Ramkhamhaeng housing estate on Soi Ramkhamhaeng 159, Saphan Sung district, on Wednesday.
During the raid, police seized a notebook computer, storage devices, and several luxury bags worth an estimated 10 million baht.
According to the news report, “Chia” confessed:
Panupat reported that Chia admitted to being the wanted hacker in multiple cybercrime cases in Thailand and abroad. He is suspected of hacking more than 50 firms internationally and 20 companies in Thailand.
Chia allegedly worked alone, selling stolen data for approximately $10,000 per transaction. Among his reported victims in Thailand was the Black Canyon coffee shop chain, whose computer network was compromised late last year.
Read more at The Nation.
This is a big law enforcement win and the result of collaboration between Thai and Singapore law enforcement.
For more information on some of his attacks, follow the search results on this site for ALTDOS, DESORDEN, GHOSTR, and 0mid16B.