
A 39-year-old hacker suspected of orchestrating dozens of major cyberattacks worldwide has been arrested in Bangkok, Thailand.
Operating under the aliases ALTDOS, DESORDEN, GHOSTR, and 0mid16B, the suspect had been one of the most prolific cybercriminals in the Asia-Pacific region since 2021. According to Group-IB, his attacks resulted in the leak of more than 90 databases, containing a staggering 13 terabytes of confidential information, which he subsequently sold on the dark web.
Among his victims were companies in the healthcare, retail, finance, logistics, insurance, and recruitment sectors across Thailand, Singapore, Malaysia, Indonesia, and India, as well as the United Kingdom, Canada, and the United States.
Upon detaining the suspect, Thai authorities seized multiple laptops, electronic devices, and luxury items, including Chanel handbags, high-end watches, and jewelry. Investigators revealed that the hacker had purchased these luxury goods using proceeds from the sale of stolen data.
Unlike ransomware groups, this hacker did not immediately publish stolen data on the dark web. Instead, he strategically leaked sensitive information to media outlets and regulatory agencies, amplifying the reputational and financial risks for affected companies. In several cases, he directly contacted victims’ clients via email and messaging platforms, pressuring businesses into compliance. On occasion, he even encrypted victims’ databases to exert additional leverage.
Singaporean police disclosed that their investigation into the cyberattacks began in 2020. According to Group-IB, the suspect was notoriously difficult to track, frequently altering his tactics and creating new virtual identities to obscure connections to past operations. Initially, he was a respected member of data breach forums, commanding high prices for his unique stolen databases. However, he was later banned from several platforms for fraud and maintaining multiple accounts.
While the hacker’s real name has not yet been officially disclosed, Thai media reports identify him as “Chingwei”. Sources indicate that he has admitted to hacking over 70 databases and claimed to have operated entirely alone, focusing on large corporations while deliberately avoiding government entities.