{
	"id": "f0a12a67-e031-4fc8-ac9e-eba1c1401372",
	"created_at": "2026-04-09T02:23:27.427845Z",
	"updated_at": "2026-04-10T03:36:01.43114Z",
	"deleted_at": null,
	"sha1_hash": "f52640c062172089acd0d97a03198cb7a05b8a5c",
	"title": "ALTDOS claims to have hacked one of Malaysia's biggest conglomerates - DataBreaches.Net",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44711,
	"plain_text": "ALTDOS claims to have hacked one of Malaysia's biggest\r\nconglomerates - DataBreaches.Net\r\nPublished: 2021-09-20 · Archived: 2026-04-09 02:01:20 UTC\r\nThreat actors known as ALTDOS continue to romp their way through attacks on ASEAN entities, garnering very\r\nlittle media attention as they acquire and dump millions of consumer records and proprietary information on\r\nbusinesses. The majority of the victims whose data they have dumped appear to be from Singapore and Thailand,\r\nbut they do have victims in other countries as well.\r\nWhile they have tended to fly under the media radar, ALTDOS has not gone unnoticed by Singapore law\r\nenforcement.  The Singapore government recently issued a joint advisory on ALTDOS. That advisory did not save\r\none of Malaysia’s biggest conglomerates from becoming a victim, however.\r\nSunway Group claims to be one of Malaysia’s largest conglomerates with core interests in real estate,\r\nconstruction, education, healthcare, retail, and hospitality.  They have 13 business divisions, more than 50\r\nlocations worldwide, and 16,000 employees.\r\nOn September 15, ALTDOS contacted DataBreaches.net to claim responsibility for a hack of Sunway Group or\r\nSunway Berhad.\r\nDue to no-response for the last 72 hours from Sunway Group, we will dump out part of their student\r\ndata under sunway.edu.my in less than 12 hours time. More data leaks from Sunway Group will be\r\nmade known.\r\nALTDOS enclosed links to a file-sharing site where they had uploaded two files as proof of acquisition of data.\r\nOne of the two files was a spread sheet with personal information on 1,000 students and their parents. The fields\r\nincluded what form (grade) the student was in, their name, IC, email address, phone number, state, and school, as\r\nwell as parental information including the parent’s name, email address, and contact phone number. The data had\r\nentry dates of 2021 for the most part.\r\nDataBreaches.net did not attempt to contact either students or parents or to test any email addresses or phone\r\nnumbers, but a simple Google search did find individuals who matched the parents’ names, and Sunway does have\r\nan international school that covers the grades in question. The international schools are owned and governed by\r\nthe Jeffrey Cheah Foundation.\r\nOn September 17 and 18, DataBreaches.net used Sunway’s on-site contact form to send them inquiries asking\r\nSunway to confirm or deny ALTDOS’s claims. An inquiry was also sent to the Jeffrey Cheah Foundation through\r\ntheir web site yesterday. No response has been received by the time of this publication to any of the inquiries.\r\nDataBreaches.net did not find where, if anywhere, ALTDOS has publicly dumped any Sunway data as they had\r\nthreatened to do, but ALTDOS has a pattern of using different paste sites or forums, not all of which are known or\r\nreadily discoverable by DataBreaches.net.\r\nhttps://www.databreaches.net/altdos-claims-to-have-hacked-one-of-malaysias-biggest-conglomerates/\r\nPage 1 of 2\n\nALTDOS’s Past Incidents\r\nIn alphabetical order, ALTDOS’s known/claimed victims:\r\nAudioHouse – one of Singapore’s largest electronic retailers\r\nBangladesh Export Import Company Limited(“BEXIMCO”) – multinational conglomerate\r\nCountry Group Securities (CGSEC) – a Thai securities firm\r\nMonoNext and 3BB, subsidiaries of Jasmine International – a Thai media and content conglomerate\r\nOrangeTee and OTGroup – Singapore real estate group\r\nUnispec Group Singapore – marine industry services\r\nVentura Securities Ltd. – a stock trading/investment management firm in India. This one was never\r\nreported publicly at the time (March, 2021) although proof of claim had been sent to DataBreaches.net;\r\nVentura did not respond to inquiries.\r\nvHive – Singapore furniture retailer whose online ordering has been nonfunctioning since March.\r\nAs DataBreaches.net previously reported, some of ALTDOS’s servers were recently taken down. They tell\r\nDataBreaches.net that they have no idea what authority was responsible for that, but that the takedown occurred\r\nshortly after their communication to OrangeTee.  No substantive reply has been received to an inquiry sent to the\r\ndata protection commissioner’s office asking if they were responsible for the takedown.\r\nSource: https://www.databreaches.net/altdos-claims-to-have-hacked-one-of-malaysias-biggest-conglomerates/\r\nhttps://www.databreaches.net/altdos-claims-to-have-hacked-one-of-malaysias-biggest-conglomerates/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"ETDA",
		"Malpedia"
	],
	"references": [
		"https://www.databreaches.net/altdos-claims-to-have-hacked-one-of-malaysias-biggest-conglomerates/"
	],
	"report_names": [
		"altdos-claims-to-have-hacked-one-of-malaysias-biggest-conglomerates"
	],
	"threat_actors": [
		{
			"id": "348b092b-f28a-41d0-a7f2-4c399f2f973f",
			"created_at": "2024-06-25T02:00:05.046536Z",
			"updated_at": "2026-04-10T02:00:03.664032Z",
			"deleted_at": null,
			"main_name": "ALTDOS",
			"aliases": [],
			"source_name": "MISPGALAXY:ALTDOS",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "b4f79ca0-e94b-4abe-a61e-ea3d2a2458ad",
			"created_at": "2022-10-25T16:07:24.444096Z",
			"updated_at": "2026-04-10T02:00:04.994412Z",
			"deleted_at": null,
			"main_name": "ALTDOS",
			"aliases": [
				"0mid16B",
				"ALTDOS",
				"Desorden",
				"GHOSTR"
			],
			"source_name": "ETDA:ALTDOS",
			"tools": [
				"Agentemis",
				"Cobalt Strike",
				"CobaltStrike",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775701407,
	"ts_updated_at": 1775792161,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f52640c062172089acd0d97a03198cb7a05b8a5c.pdf",
		"text": "https://archive.orkl.eu/f52640c062172089acd0d97a03198cb7a05b8a5c.txt",
		"img": "https://archive.orkl.eu/f52640c062172089acd0d97a03198cb7a05b8a5c.jpg"
	}
}