[BreachExchange] Chinese hackers allegedly breach servers of 10 Indonesian government agencies

Mon Sep 13 08:31:20 EDT 2021

https://kr-asia.com/chinese-hackers-allegedly-breach-servers-of-10-indonesian-government-agencies

The internal networks of ten of Indonesia’s government organizations,
including the country’s intelligence agency Badan Intelijen Negara (BIN),
were allegedly breached by hackers originating from China, according to a
report by cybersecurity news publication, The Record.

Insikt Group, the threat research division of cybersecurity company
Recorded Future, discovered the breach in April. The intrusion is suspected
to be linked to a hacker group called Mustang Panda, which is also known as
Bronze President, HoneyMyte, and Red Lich. Insikt’s researchers detected
Mustang Panda-operated command and control servers that utilize PlugX
malware communicating with hosts inside the networks of Indonesia’s
government agencies since March 2021. PlugX is a trojan that grants remote
access and control over an infected device.

The researchers notified Indonesian authorities, including BIN, in June and
July but received no response. However, authorities took steps to identify
and cleanse the infected systems in August, according to a source who spoke
to The Record.

Mustang Panda has been an active cybersecurity threat since at least 2017.
The hacker group allegedly targets telco companies based in Southeast Asia,
Europe, and the United States, with a strong interest in enterprises in
Germany and Vietnam, according to a report by McAfee. The group aims to
gain access to the telcos’ internal networks to steal sensitive information
related to 5G technology. In June, the same group was a suspect in a hack
of the website of the Myanmar president’s office. Specifically, it hid a
trojan in a font package that was available for download on the site.

Responding to Mustang Panda’s activity in Indonesian cyberspace, IT
minister Johnny G Plate said that his ministry will work with the National
Cyber and Encryption Agency (BSSN) to investigate the alleged breach.
“Information like this needs to be checked. There is a code of conduct and
procedures we need to take [for investigation],” he told local media outlet
Detik.

Last month, researchers of cybersecurity firm vpnMentor reported that the
personal data of 1.3 million users of the country’s electronic Health Alert
Card, or eHAC “test and trace” program, was purportedly exposed when it was
stored on an open server due to poor data privacy protocols. After the
report was released, BSSN said no eHAC data was leaked and sold on the dark
web. Even so, the agency acknowledged that it had found a vulnerability on
eHAC’s partner platform and authorities had quickly patched the system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210913/48190af5/attachment.html>