[TheRecord] Indonesian intelligence agency compromised in suspected Chinese hack

Chinese hackers have breached the internal networks of at least ten Indonesian government ministries and agencies, including computers from Indonesia’s primary intelligence service, the Badan Intelijen Negara (BIN).

The intrusion, discovered by Insikt Group, the threat research division of Recorded Future, has been linked to Mustang Panda, a Chinese threat actor known for its cyber-espionage campaigns targeting the Southeast Asian region[12].

Insikt researchers first discovered this campaign in April this year, when they detected PlugX malware command and control (C&C) servers, operated by the Mustang Panda group, communicating with hosts inside the networks of the Indonesian government.

These communications were later traced back to at least March 2021. The intrusion point and delivery method of the malware are still unclear.

Some systems are still infected, despite clean-up efforts

Insikt Group researchers notified Indonesian authorities about the intrusions in June this year and then again in July. Officials did not provide feedback for the reports.

BIN, which was the most sensitive target compromised in the campaign, did not return requests for comment sent by The Record in July and August.

A source familiar with the investigation told The Record last month that authorities had taken steps to identify and clean the infected systems.

Days after, Insikt researchers confirmed that hosts inside Indonesian government networks were still communicating with the Mustang Panda malware servers.

Part of China's sprawling cyber-espionage campaigns

News of this intrusive cyber-espionage effort comes as the two countries have been re-establishing close diplomatic relations after almost reaching armed conflict a few years before, primarily due to marine territorial disputes.

Currently the second-largest investor in Indonesia, China has been cozying up to Indonesian provinces over the past two years to facilitate increased trade and further its implementation of the Belt and Road Initiative, a foreign policy initiative to invest in neighboring countries in order to establish lasting political ties and trade agreements.

But these investments haven’t always been welcome, with some countries seeing them as a Trojan horse for their economies.

Since 2013, when China made its Belt and Road Initiative public, cyber-espionage groups have often targeted countries where China planned to invest as part of this project.

The post Indonesian intelligence agency compromised in suspected Chinese hack appeared first on The Record by Recorded Future.
