ALTDOS

0 incidents · 0 countries · 0 sectors · apt · SG · Latest: -
ALTDOS refers to a single cybercriminal, arrested in February 2025, who operated under multiple aliases including DESORDEN, GHOSTR, and 0mid16B. The actor emerged publicly on December 4, 2020, with an attack on a financial institution in Thailand. This actor is primarily motivated by financial gain through data theft and extortion, targeting organizations predominantly in Southeast Asia but expanding globally under later aliases. Two things distinguish this actor. The first is a fluid use of identities and an at times 'chaotic' modus operandi: they might deploy ransomware, only steal data, or sometimes leak data without a ransom demand. The second is a unique escalation tactic of notifying media, regulators, or even customers directly if ransom demands were not met, rather than relying exclusively on dark web forums. The perpetrator was assessed with high confidence to be of Thai origin, given their arrest in Thailand.
MITRE techniques
T1041, T1078, T1486, T1021.002, T1566.001
Related CVEs
CVE-2024-53197, CVE-2024-53104, CVE-2024-50302

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Type
apt
Country of origin
SG
Motivation
-
Impact
27
Updated
Sat, 29 Ju

Target sectors (SOCRadar)

Wholesale Trade, Information Services, Finance, Retail, Real Estate