{ "id": "4a8689ee-c7a1-4bda-b185-74b668b3d549", "created_at": "2026-04-09T02:23:07.674697Z", "updated_at": "2026-04-10T13:12:13.500281Z", "deleted_at": null, "sha1_hash": "ea3a134d0f793f2f6dd9f311419d6c86198fc03d", "title": "SG: Vhive attackers escalate, take control of furniture retailer's email server - DataBreaches.Net", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 36464, "plain_text": "SG: Vhive attackers escalate, take control of furniture retailer's\r\nemail server - DataBreaches.Net\r\nPublished: 2021-04-03 · Archived: 2026-04-09 02:00:25 UTC\r\nOn March 29, DataBreaches.net reported a confirmed hack of Singapore retail furniture chain Vhive. Previous\r\ncoverage of the attack, as reported by ALTDOS threat actors and as reported by the firm on their site can be found\r\nhere.  At the time of that publication, ransom negotiations between the firm and the attackers appeared to have\r\nbroken off.\r\nAt some point, however, it appears that Vhive agreed to pay $75,000 USD. But the firm reneged and missed the\r\nagreed-upon April 2 payment date. Within hours of them missing that deadline, ALTDOS attacked them for a third\r\ntime and took over their mail server. Yesterday, in a series of emails, ALTDOS informed this site that VHive had\r\nsent us a message today that their management intends to instead allocate funds to compensate their\r\ncustomers whom have been affected by the data breach. ALTDOS scan through their email server,\r\napparently Vhive has not informed their customers individually with regards to the personal data\r\nbreach. Based on research, it is required legally for Vhive to inform their customers of a personal data\r\nbreach within 3 days from knowledge of the hack.\r\nNot to worry, ALTDOS has already assisted Vhive to send a message to their customers, informing\r\nthem about their personal data breach.\r\nIndeed, ALTDOS demonstrated that they had control of Vhive’s email server and sent out emails to customers.\r\nThose emails told customers that Vhive had been hacked. A copy of the email, provided to DataBreaches.net, says,\r\nin part:\r\nDue to this unfortunate breach of agreement by VHIVE, ALTDOS hereby inform you that 300,000\r\ncustomers’s personal information will be published publicly. The first 10,000 customer records has been\r\npublished on https://[redacted by DataBreaches.net] and 50 other public data dump sites. 20,000\r\nadditional records will be published each day, starting today until Vhive management agrees to our\r\ndemand. This action is neccesary to punish VHIVE management for making empty promises to\r\nALTDOS and showing no concern for the safety of their customers\r\nALTDOS has stolen all of VHIVE’s coding and databases, including 311,468 customer personal\r\ninformation, 352,210 delivery records, 471,553 payment records, 584,979 transaction records and all\r\nother financial or corporate data.\r\nIf customers attempted to email Vhive to ask if the email from the firm was for real, they received an auto-responder from ALTDOS. The auto-response stated  that ALTDOS had compromised Vhive for the third time\r\nsince March 22, and it linked to a data dump of customer data, warning that more would be dumped each day. The\r\ndata dump contained the following fields: “firstname, lastname, email, password, address1,address2, postal,\r\ncountry, mobile.”\r\nhttps://www.databreaches.net/sg-vhive-attackers-escalate-take-control-of-furniture-retailers-email-server/\r\nPage 1 of 2\n\nEven as of this morning, ALTDOS still appeared to be in control of Vhive’s mail server, but has informed\r\nDataBreaches.net that Vhive has regained control of it.\r\nDataBreaches.net has reported on previous attacks by ALTDOS in Thailand and Bangladesh. The threat actor(s)\r\nfocus on ASEAN (Association of Southeast Asian Nations) entities.\r\nThe Straits Times confirms that the police are investigating. DataBreaches.net sent an inquiry to the PDPC on\r\nFriday to inquire whether Singapore’s data protection commission was also investigating but has received no reply\r\nyet.\r\nSource: https://www.databreaches.net/sg-vhive-attackers-escalate-take-control-of-furniture-retailers-email-server/\r\nhttps://www.databreaches.net/sg-vhive-attackers-escalate-take-control-of-furniture-retailers-email-server/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "ETDA", "Malpedia" ], "origins": [ "web" ], "references": [ "https://www.databreaches.net/sg-vhive-attackers-escalate-take-control-of-furniture-retailers-email-server/" ], "report_names": [ "sg-vhive-attackers-escalate-take-control-of-furniture-retailers-email-server" ], "threat_actors": [ { "id": "348b092b-f28a-41d0-a7f2-4c399f2f973f", "created_at": "2024-06-25T02:00:05.046536Z", "updated_at": "2026-04-10T02:00:03.664032Z", "deleted_at": null, "main_name": "ALTDOS", "aliases": [], "source_name": "MISPGALAXY:ALTDOS", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "b4f79ca0-e94b-4abe-a61e-ea3d2a2458ad", "created_at": "2022-10-25T16:07:24.444096Z", "updated_at": "2026-04-10T02:00:04.994412Z", "deleted_at": null, "main_name": "ALTDOS", "aliases": [ "0mid16B", "ALTDOS", "Desorden", "GHOSTR" ], "source_name": "ETDA:ALTDOS", "tools": [ "Agentemis", "Cobalt Strike", "CobaltStrike", "cobeacon" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775701387, "ts_updated_at": 1775826733, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/ea3a134d0f793f2f6dd9f311419d6c86198fc03d.pdf", "text": "https://archive.orkl.eu/ea3a134d0f793f2f6dd9f311419d6c86198fc03d.txt", "img": "https://archive.orkl.eu/ea3a134d0f793f2f6dd9f311419d6c86198fc03d.jpg" } }