{ "id": "34b5f583-17cc-48d2-aa7d-beabedf5030b", "created_at": "2026-04-09T02:23:21.792214Z", "updated_at": "2026-04-10T03:36:01.453543Z", "deleted_at": null, "sha1_hash": "4f772f4c85ba559a4a3796fb6b0c4c83e8ac6bac", "title": "ASEAN companies still targeted by ALTDOS threat actors - DataBreaches.Net", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 1910022, "plain_text": "ASEAN companies still targeted by ALTDOS threat actors -\r\nDataBreaches.Net\r\nPublished: 2021-06-09 · Archived: 2026-04-09 02:10:39 UTC\r\nIn December of 2020, DataBreaches.net reported on a threat actor (or actors) calling themself “ALTDOS” who\r\nhad attacked a Thai securities trading firm, Country Group Securities (CGSEC) .  CGSEC wasn’t the only Thai\r\nentity they attacked, and within weeks, they had attacked MonoNext and 3BB, subsidiaries of Jasmine\r\nInternational.  Angered by the entities’ response or lack of response to demands, ALTDOS ultimately dumped\r\ntheir data. Less than one month later, this site reported another attack by them, this one involving Bangladesh\r\nExport Import Company Limited (“BEXIMCO”). And in March, they attacked Vhive furniture retailer in\r\nSingapore. When the retailer allegedly reneged on an agreement to pay them, ALTDOS escalated, taking control\r\nof the firm’s email server and sending out emails to customers. They also dumped their customer data.\r\nWhen Vhive allegedly reneged on promise to pay them, ALTDOS dumped all their customer data\r\non a popular forum. Image: DataBreaches.net.\r\nIn all of the above cases, ALTDOS dumped customer or personal information, using a variety of dump sites or\r\nleak sites to post data. But that wasn’t the end of their activity and attacks.\r\nSomewhat stunningly, perhaps, DataBreaches.net discovered this week that ALTDOS appears to still be in control\r\nof Vhive’s email server. As proof of claims, ALTDOS provided DataBreaches.net with a screen cap of an email\r\nfrom June 2.\r\nhttps://www.databreaches.net/asean-companies-still-targeted-by-altdos-threat-actors/\r\nPage 1 of 5\n\nRedacted by DataBreaches.net\r\nDataBreaches.net reached out to Vhive to inquire as to how ALTDOS still has access to their email server, but\r\nreceived no response.\r\nIn early April, DataBreaches.net had reached out to Singapore’s Data Protection Commission to ask if the Vhive\r\nincident had been reported to them. A spokesperson for the PDPC responded that they were aware of the incident\r\nand were investigating. Under their procedures, the results of their investigation are confidential, but the\r\ncommission does publish decisions in cases where it has found a contravention of data protection provisions of the\r\nPDPA. At the present time, there is no decision for Vhive listed on the commission’s site, which may mean that\r\nthe PDPC concluded its investigation and found no violation, or that the investigation is still open.\r\nRegardless of what the PDPC does or does not do, if ALTDOS still has access to Vhive’s email server, that is\r\ncause for concern.\r\nBut Vhive was not the last attack by ALTDOS. There have been two more Singapore entities attacked by\r\nALTDOS recently (or at least two that we currently know about).\r\nhttps://www.databreaches.net/asean-companies-still-targeted-by-altdos-threat-actors/\r\nPage 2 of 5\n\nUnispec Group Singapore\r\nALTDOS claimed to have attacked Unispec Group Singapore, which operates in the marine industry, providing\r\nservices in marine insurance, surveying, cargo, containers, and marine IT software. UniSpec has offices in\r\nSingapore, India, Thailand, Malaysia, Indonesia, South Korea and China.\r\nIn a statement provided to DataBreaches.net, ALTDOS claimed that they had\r\nhacked into their intranet servers and stolen all of their coding, files and databases. Data and files\r\ninclude sensitive information pertaining to trade secrets, corporate, employees, customers, projects,\r\nfinancial and more.\r\nALTDOS uploaded some video proof of claims.  They tell this site that when the firm did not reply to their emails,\r\nALTDOS began dumping data on May 7.\r\nALTDOS leaked UniSpec data on a popular forum where hacked or leaked data may be bought,\r\nsold, or shared. Image: DataBreaches.net\r\nUnlike ALTDOS’s earlier attacks, the UniSpec data dump was not because the target refused to pay any demands.\r\nALTDOS claims that they never even made any specific monetary demand on UniSpec. When the entity did not\r\nrespond to their emails, they just went into dump or sale mode.\r\nhttps://www.databreaches.net/asean-companies-still-targeted-by-altdos-threat-actors/\r\nPage 3 of 5\n\n“Our current style is to write an email asking for a reply from their management without stating any\r\nmonetary demands from the victim,” ALTDOS told DataBreaches.net. “Since Unispec did not reply,\r\nALTDOS did not state any demands. The email account that was used to contact Unispec was already\r\ndeactivated by protonmail.”\r\nWhile they did not reply directly to ALTDOS, UniSpec reportedly filed takedown requests with gofile.io, file.io,\r\npastebin, and some other sites where the threat actors uploaded files.\r\nDataBreaches.net did reach out to UniSpec to ask how the attack may have impacted them and whether they have\r\nnotified  employees and the PDPC about the attack, but no reply has been received.\r\nAudioHouse\r\nALTDOS also claims to have hacked and stolen more than  290,000 customers’ personal information from\r\nAudioHouse, one of Singapore’s largest electronic retailers. The firm has since reported the attack to the\r\nauthorities and to their local news media.\r\nThis AudioHouse user profile was redacted by DataBreaches.net.\r\nIn support of their claims, ALTDOS provided DataBreaches.net with a video recording of what they claim are 320\r\nstolen database and Part 10 of a customer database that they had uploaded.\r\nBecause AudioHouse did not respond to their emails but went to the authorities and media, ALTDOS listed their\r\ndata for sale on June 4.\r\nhttps://www.databreaches.net/asean-companies-still-targeted-by-altdos-threat-actors/\r\nPage 4 of 5\n\nALTDOS offered AudioHouse data for sale. Image: DataBreaches.net.\r\nWhat Are They Doing?\r\nSince DataBreaches.net first became aware of ALTDOS, it has been somewhat of a puzzle. In the past, they have\r\nnot asked for the kind of exorbitant ransoms other threat actors have demanded, and in some cases, as we see\r\nabove, they wind up not making any financial demands at all and just leak the data or advertise it as being for sale.\r\nThat does not seem like a particularly profitable business model, and DataBreaches.net asked them about it. They\r\nreplied:\r\nDepending on the type of data, ALTDOS usually dump out partial data and proceed to use middleman\r\nto sell the data to other groups.\r\nAs they informed this site last year, they have continued to focus on ASEAN companies. But are any paying\r\nthem? Their attacks do not seem to get much coverage. Are consumers there less concerned or outraged about\r\nbreaches involving their consumer data, or is there just a concerted public effort not to reward threat actors by\r\nreporting on them or paying them?\r\nAccording to ALTDOS, and DataBreaches.net has no way to confirm this: 70% of the breached companies pay\r\nthem and then nothing is disclosed publicly about the hacks.  For the other 30%, “ALTDOS will either do a full\r\ndata dump or sell the data to middleman which in both cases, will end up in the hands of other groups capable in\r\nextracting more monetary value with use of other methods.”\r\nALTDOS continues to decline to answer any of this site’s questions as to how it gains a foothold in the victims’\r\nsystems, saying only that they use different methods, depending on many factors involving the target.\r\nSo how serious a threat are they to ASEAN people? They seem to be a serious enough threat that they already\r\nacquired and dumped more than 600,000 Singapore residents’ information. Are their corporate victims sharing\r\ninformation with other entities and law enforcement there? Are entities taking steps to harden their security to\r\nprevent their attacks? If they are, it’s not being publicly discussed.\r\nSource: https://www.databreaches.net/asean-companies-still-targeted-by-altdos-threat-actors/\r\nhttps://www.databreaches.net/asean-companies-still-targeted-by-altdos-threat-actors/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.databreaches.net/asean-companies-still-targeted-by-altdos-threat-actors/" ], "report_names": [ "asean-companies-still-targeted-by-altdos-threat-actors" ], "threat_actors": [ { "id": "348b092b-f28a-41d0-a7f2-4c399f2f973f", "created_at": "2024-06-25T02:00:05.046536Z", "updated_at": "2026-04-10T02:00:03.664032Z", "deleted_at": null, "main_name": "ALTDOS", "aliases": [], "source_name": "MISPGALAXY:ALTDOS", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "b4f79ca0-e94b-4abe-a61e-ea3d2a2458ad", "created_at": "2022-10-25T16:07:24.444096Z", "updated_at": "2026-04-10T02:00:04.994412Z", "deleted_at": null, "main_name": "ALTDOS", "aliases": [ "0mid16B", "ALTDOS", "Desorden", "GHOSTR" ], "source_name": "ETDA:ALTDOS", "tools": [ "Agentemis", "Cobalt Strike", "CobaltStrike", "cobeacon" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775701401, "ts_updated_at": 1775792161, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/4f772f4c85ba559a4a3796fb6b0c4c83e8ac6bac.pdf", "text": "https://archive.orkl.eu/4f772f4c85ba559a4a3796fb6b0c4c83e8ac6bac.txt", "img": "https://archive.orkl.eu/4f772f4c85ba559a4a3796fb6b0c4c83e8ac6bac.jpg" } }