Suspected Desorden Hacker Arrested for Breaching 90 Organizations

A shocking arrest has been made by the Royal Thai Police, assisted by experts from Group-IB, a renowned cybersecurity firm. The suspect, identified as Chia, a 39-year-old man, is believed to be one of the most active cybercriminals in the Asia-Pacific region since 2021.

The suspect was arrested in Bangkok through a meticulous law enforcement operation that targeted multiple aliases used by the hacker. These aliases included ALTDOS, DESORDEN, GHOSTR, and 0mid16B. Chia's arrest marks a significant milestone in the ongoing efforts to combat cybercrime and bring perpetrators to justice.

According to Group-IB, Chia stole and leaked or sold over 13TB of personal data from more than 90 organizations worldwide. The affected entities were primarily in Thailand, Singapore, Malaysia, Indonesia, and India, with significant impacts also felt in Europe and North America.

The Extensive Scope of the Breach

The hacker's modus operandi was centered around high-level blackmail, where he would contact the press to maximize pressure on his victims. Chia's goal was to extort payment from organizations in exchange for not disclosing their compromised databases. If a victim refused to pay, he would instead notify personal data protection regulators and the media, aiming to inflict greater reputational and financial damage.

One notable case involved the Taiwanese computer giant Acer, where Chia operated under the 'Desorden' persona. He breached corporate networks using SQL injection attacks and exploited vulnerable Remote Desktop Protocol (RDP) servers to drop Cobalt Strike beacons in the victim's environment.

The Hacker's Methods

Chia employed various tactics to breach corporate networks, including the use of 'sqlmap' for SQL injection attacks. He also exploited vulnerable RDP servers and, in rare cases, encrypted compromised firm databases. The hacker's focus was on quick data exfiltration onto cloud servers rather than significant lateral movement within breached environments.
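For defenders, the sqlmap activity described above tends to leave recognizable traces in web server access logs. The following is an added example, not code from Group-IB or the original report: it scans combined-format log lines for sqlmap's default User-Agent string and for common injection probe patterns in the URL-decoded request. The log lines are constructed samples, and because the User-Agent can be changed by the operator, the payload heuristics are checked independently of it.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2025:10:00:01 +0000] "GET /item?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
203.0.113.7 - - [01/Mar/2025:10:00:02 +0000] "GET /item?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
198.51.100.9 - - [01/Mar/2025:10:01:00 +0000] "GET /item?id=1%20UNION%20ALL%20SELECT%20NULL,NULL--%20- HTTP/1.1" 500 90 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Mar/2025:10:01:01 +0000] "GET /item?id=1%27%20ORDER%20BY%203--%20- HTTP/1.1" 500 90 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Mar/2025:10:02:00 +0000] "GET /search?q=union+station+hours HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Captures: client IP, request target, User-Agent.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
UA_SQLMAP = re.compile(r'^sqlmap/', re.I)  # sqlmap's default User-Agent prefix
PAYLOADS = {
    "union-select": re.compile(r'\bunion\s+(?:all\s+)?select\b', re.I),
    "time-delay": re.compile(r'\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b', re.I),
    "order-by-probe": re.compile(r'\border\s+by\s+\d+\s*(?:--|#)', re.I),
}

def scan(log_text):
    """Return {ip: {"hits": n, "reasons": {...}}} for suspicious requests."""
    findings = defaultdict(lambda: {"hits": 0, "reasons": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, target, user_agent = m.groups()
        decoded = unquote_plus(target)  # match on the decoded query, not %XX bytes
        reasons = {name for name, rx in PAYLOADS.items() if rx.search(decoded)}
        if UA_SQLMAP.match(user_agent):
            reasons.add("sqlmap-user-agent")
        if reasons:
            findings[ip]["hits"] += 1
            findings[ip]["reasons"] |= reasons
    return dict(findings)

if __name__ == "__main__":
    for ip, info in scan(SAMPLE_LOG).items():
        print(ip, info["hits"], sorted(info["reasons"]))
```

The benign search for "union station hours" is not flagged, because the patterns require SQL keyword sequences rather than single words.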

The Consequences of the Arrest

Thai Police arrested Chia at his premises, resulting in the confiscation of multiple items, including laptops and luxury goods believed to have been purchased with cybercrime proceeds. According to The Nation, a Thai news outlet, Chia has already admitted his guilt, claiming that he worked alone and sold stolen data to buyers for $10,000.

The suspect now faces multiple charges, including unauthorized access to protected computer systems, attempted extortion, and illegal residence. This arrest serves as a significant reminder of the importance of cybersecurity awareness and the need for robust measures to protect against cyber threats.