Introduction

A significant arrest has been made in the realm of cybercrime, involving a notorious hacker associated with the “DESORDEN Group.” This individual, known by several aliases [6], has been apprehended in Bangkok [1] [5], Thailand [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11], marking a pivotal moment in the fight against cybercriminal activities in the Asia-Pacific region.

Description

A notorious cybercriminal linked to the “DESORDEN Group” and known by aliases such as Altdos, GhostR [2] [3] [5] [6] [10], and 0mid16B was arrested in Bangkok [1] [5], Thailand [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11], on February 26, 2025 [3] [9]. This arrest followed a coordinated operation involving the Royal Thai Police and the Singapore Police Force [11], with support from cybersecurity experts at Group-IB [11]. The 39-year-old suspect [6], identified as Chia [1] [5] [10], is believed to have been one of the most active cybercriminals in the Asia-Pacific region since 2020 [2], with operations extending to Thailand, Singapore [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11], Malaysia [4] [7] [11], Indonesia [7] [11], India [2] [4] [7] [11], and even impacting organizations in Europe and North America [11].

Chia has been linked to over 90 hacking cases across multiple countries, targeting various corporate and governmental entities [10]. His criminal activities have resulted in the theft and leak of more than 13 terabytes of sensitive data, including personally identifiable information (PII) from sectors such as healthcare, finance [1] [4] [5] [7] [8], retail [1] [4] [5] [7], and government [1] [4] [5] [10]. His operations began in 2020 when 11 victims in Singapore reported ransom demands associated with his various aliases. Chia’s tactics involved breaching security systems, stealing data [2] [9], and demanding ransoms [3] [7] [9]. When ransoms were not paid [2], he often published stolen data online for sale, using media pressure to coerce victims and escalating threats by contacting media outlets and data protection regulators to maximize reputational damage [11].

By 2022 [8], his methods evolved to include sophisticated techniques such as SQL injection attacks and breaches of Remote Desktop Protocol (RDP) servers, exploiting weak credentials or unpatched vulnerabilities [8]. Once inside networks, he utilized a modified version of the Cobalt Strike penetration testing toolkit to establish command-and-control channels [8], focusing on rapid data exfiltration to rented cloud storage servers for monetization.

Thai authorities tracked him to a residence in Bangkok [7], where a raid resulted in the seizure of high-end electronics, luxury goods [7], and other assets valued at approximately 10 million baht (around $300,000), including laptops [3] [6] [9], mobile phones [9], luxury vehicles [9], and branded bags [9]. Investigators faced challenges due to Chia’s frequent changes in aliases and tactics [4], but Group-IB linked his identities by analyzing writing styles [4], post formats [4], and target preferences on dark web forums [4]. Notable incidents attributed to him include the leaking of data from Protemps Employment Services and hacks involving Acer in India and Taiwan; under the Altdos alias, he compromised data from OrangeTee & Tie [2], affecting over 250,000 individuals [2].

Chia has confessed to hacking over 70 companies, including the Thai coffee shop chain Black Canyon [7], and now faces multiple charges under Thailand’s Computer Crimes Act and Singapore’s Cybersecurity Act 2018 [8], including unauthorized access to protected computer systems and attempted extortion [7] [10]. Extradition requests from Singapore and other affected countries for further prosecution are anticipated [7]. If convicted [9], he could be responsible for compromising the data of millions of individuals globally [9]. This case sets a precedent for holding digital extortionists accountable and contributes to the protection of the Asia-Pacific’s $1.2 trillion digital economy [8], highlighting the ongoing collaboration between Thai and Singaporean police to further investigate his activities [10].

Conclusion

The arrest of Chia represents a significant step forward in combating cybercrime, particularly in the Asia-Pacific region [2] [3] [6] [9]. This case underscores the importance of international cooperation in addressing digital threats and serves as a deterrent to other cybercriminals. The ongoing collaboration between law enforcement agencies and cybersecurity experts is crucial in safeguarding the digital economy and ensuring the security of sensitive information worldwide. As the investigation continues, it is expected to yield further insights into the operations of cybercriminal networks, enhancing future preventive measures.

References

[1] https://www.thestar.com.my/aseanplus/aseanplus-news/2025/02/28/thai-cops-arrest-singaporean-suspected-of-global-cyber-attacks-man-said-to-be-notorious-hacker-say-authorities
[2] https://www.straitstimes.com/singapore/global-hacker-arrested-in-thailand-after-collaboration-between-spf-and-thai-police
[3] https://batamnewsasia.com/2025/02/28/global-cybercriminal-arrested-in-thailand-in-joint-singapore-thai-police-operation/
[4] https://hackread.com/ghostr-hacker-linked-to-90-data-breaches-arrested/
[5] https://gulfnews.com/world/asia/thai-cops-arrest-singaporean-suspected-of-global-cyber-attacks-1.500048925
[6] https://www.infosecurity-magazine.com/news/data-extortion-actor-thailand/
[7] https://cyberinsider.com/cybercriminal-behind-90-data-leaks-arrested-in-bangkok/
[8] https://cybersecuritynews.com/hackers-behind-90-data-leaks-worldwide/
[9] https://www.bitdefender.com/en-us/blog/hotforsecurity/hacker-accused-of-at-least-75-massive-data-breaches-arrested-in-thailand
[10] https://thethaiger.com/news/bangkok/singaporean-hacker-arrested-in-bangkok-assets-worth-10-million-baht-seized
[11] https://undercodenews.com/arrest-of-notorious-cyber-criminal-linked-to-desorden-group-in-thailand/