Singaporean and Thai law enforcement agencies have arrested suspected Singaporean threat actor Omid16B, who had deployed cyberattacks in the Asia-Pacific region, North America, and Europe, as well as exposed data from more than 90 organizations worldwide since 2020, according to SecurityWeek.
Omid16B, previously known as Ghostr, Desorden, and Altdos, targeted healthcare, finance, insurance, retail, technology, property investment, e-commerce, hospitality, and logistics organizations. According to Group-IB researchers, the attacks relied on sqlmap and other SQL injection tools, as well as vulnerable Remote Desktop Protocol servers, for initial access, followed by the deployment of a cracked Cobalt Strike beacon to take over servers. Group-IB assisted law enforcement in tracking Omid16B after identifying patterns in his online posts, his use of data-sharing sites, and his app preferences.
After stealing organizations' sensitive data, Omid16B alerted data protection regulators and the media to the breach in order to coerce victims into paying the demanded ransom.
Omid16B was also reported by the Bangkok Post to have peddled stolen data for at least $10,000.