In December of 2020, DataBreaches.net reported on a threat histrion (or actors) calling themself “ALTDOS” who had attacked a siamese securities trading firm, Country group Securities (CGSEC)�. CGSEC wasn’t the only thai entity they attacked, and within weeks, they had attacked MonoNext�and�3BB, subsidiaries of�Jasmine International. Angered by the entities’ response or lack of response to demands, ALTDOS ultimately dumped their data.�Less than ace month later, this site reported another onslaught by them, this 1 involving Bangladesh Export importee fellowship limited (�BEXIMCO�). And in March, they attacked Vhive furniture retailer in Singapore. When the retailer allegedly reneged on an agreement to pay them, ALTDOS escalated, taking control of the firm’s email server and sending out emails to customers. They also dumped their customer data. in all of the above cases, ALTDOS dumped customer or personal information, using a variety of dump sites or leak sites to post data. But that wasn’t the last of their activity and attacks. Somewhat stunningly, perhaps, DataBreaches.net discovered this week that ALTDOS appears to still be in moderate of Vhive’s email server. as proof of claims, ALTDOS provided DataBreaches.net with a sort cap of an email from June 2. DataBreaches.net reached out to Vhive to wonder as to how ALTDOS still has access to their email server, but received no response. In early April, DataBreaches.net had reached out to Singapore’s data Protection direction to expect if the Vhive incident had been reported to them. A interpreter for the PDPC responded that they were aware of the incident and were investigating. Under their procedures, the results of their investigation are confidential, but the charge does issue decisions in cases where it has found a contravention of data tribute provisions of the PDPA. At the pose time, there is no determination for Vhive listed on the commission’s site, which may mean that the PDPC concluded its investigation and found no violation, or that the investigation is still open. Regardless of what the PDPC does or does not do, if ALTDOS still has access to Vhive’s email server, that is reason for concern. But Vhive was not the last assail by ALTDOS. There experience been two more Singapore entities attacked by ALTDOS recently (or at least ii that we currently live about). Unispec group Singapore ALTDOS claimed to get attacked�Unispec group Singapore, which operates in the marine industry, providing services in marine insurance, surveying, cargo, containers, and marine IT software. UniSpec has offices in Singapore, India, Thailand, Malaysia, Indonesia, South dae-han-min-gook and China. In a instruction provided to DataBreaches.net, ALTDOS claimed that they had hacked into their intranet servers and stolen all of their coding, files and databases. Data and files include sensitive information pertaining to patronage secrets, corporate, employees, customers, projects, financial and more. ALTDOS uploaded some video proof of claims. They tell this site that when the firm did not reply to their emails, ALTDOS began dumping data on May 7. Unlike ALTDOS’s earlier attacks, the UniSpec data wasteyard was not because the aim refused to pay any demands. ALTDOS claims that they never even made any specific monetary demand on UniSpec. When the entity did not respond to their emails, they just went into dump or sale mode. “Our current style is to write an email asking for a reply from their management without stating any monetary demands from the victim,” ALTDOS told DataBreaches.net. “Since Unispec did not reply, ALTDOS did not state any demands. The email account that was used to contact Unispec was already deactivated by protonmail.” while they did not reply directly to ALTDOS, UniSpec reportedly filed takedown requests with gofile.io, file.io, pastebin, and some other sites where the threat actors uploaded files. DataBreaches.net did reach out to UniSpec to ask how the assail may have impacted them and whether they have notified employees and the PDPC about the attack, but no reply has been received. AudioHouse ALTDOS also claims to hold hacked and stolen more than 290,000 customers’ personal information from AudioHouse, one of Singapore’s largest electronic retailers. The firm has since reported the attack to the authorities and to their local tidings media. In support of their claims, ALTDOS provided DataBreaches.net with a video recording of what they claim are 320 stolen database and parting 10 of a customer database that they had uploaded. Because AudioHouse did not respond to their emails but went to the authorities and media, ALTDOS listed their data for sale on June 4. What are They Doing? Since DataBreaches.net first became aware of ALTDOS, it has been somewhat of a puzzle. in the past, they have not asked for the sort of exorbitant ransoms other terror actors experience demanded, and in some cases, as we control above, they malarkey up not making any financial demands at all and just leak the data or advertise it as being for sale. That does not appear like a particularly profitable business model, and DataBreaches.net asked them about it. They replied: Depending on the type of data, ALTDOS usually waste-yard out partial data and proceed to employment contact to deal the data to other groups. As they informed this site last year, they have continued to focusing on ASEAN companies. But are any paying them? Their attacks fare not seem to get much coverage. Are consumers there less concerned or outraged about breaches involving their consumer data, or is there just a concerted public exertion not to reward threat actors by reporting on them or paying them? According to ALTDOS, and DataBreaches.net has no way to confirm this: 70% of the breached companies pay them and then nothing is disclosed publicly about the hacks. For the other 30%, “ALTDOS will either fare a full data waste-yard or sell the data to contact which in both cases, will remainder up in the hands of other groups capable in extracting more monetary value with utilize of other methods.” ALTDOS continues to slump to reply any of this site’s questions as to how it gains a foothold in the victims’ systems, saying only […]
