
ALTDOS

Primary URL: Undetermined
Location: Country —
Industry: Financial Services
Profile

ALTDOS operates as a cyber threat actor group engaged in malicious activities targeting financial sector entities, as evidenced by their compromise of a Thai securities trading firm. The group employs data exfiltration techniques to steal sensitive information, including financial records, customer data, and employee credentials. Their operations demonstrate a focus on extracting ransom payments through double extortion tactics—combining data theft with threats of public leakage. The group selectively targets organizations with inadequate cybersecurity measures, particularly those failing to monitor unauthorized access attempts or implement basic data encryption protocols. ALTDOS maintains operational capabilities to publicly leak stolen data through file-sharing platforms when victims resist ransom demands, using these disclosures as both proof of breach and psychological pressure tactics.

The group distinguishes itself through its public shaming of victim organizations' security failures, as demonstrated when it explicitly cited the Thai firm's inability to detect suspicious IP access and unencrypted credential storage. ALTDOS exhibits structured ransom negotiation processes, setting specific cryptocurrency demands (such as 170 BTC in the documented case) and severing communication channels when ignored. Their attacks cause operational disruption, forcing victims to take critical systems offline post-breach. The group shows regional awareness in target selection, focusing on financial institutions in emerging markets where security practices may lag behind global standards. No verifiable information exists regarding the group's internal structure, leadership, or broader operational objectives beyond observed incident patterns.

Incidents
1 incident