[TheRecord] Indonesian intelligence agency compromised in suspected Chinese hack

Chinese hackers have breached the internal networks of at least ten Indonesian government ministries and agencies, including computers from Indonesia’s primary intelligence service, the Badan Intelijen Negara (BIN).

The intrusion, discovered by Insikt Group, the threat research division of Recorded Future, has been linked to Mustang Panda, a Chinese threat actor known for its cyber-espionage campaigns targeting the Southeast Asian region[12].

Insikt researchers first discovered this campaign in April this year, when they detected PlugX malware command and control (C&C) servers, operated by the Mustang Panda group, communicating with hosts inside the networks of the Indonesian government.

These communications were later traced back to at least March 2021. The intrusion point and delivery method of the malware are still unclear.

Some systems are still infected, despite clean-up efforts

Insikt Group researchers notified Indonesian authorities about the intrusions in June this year and then again in July. Officials did not respond to either report.

BIN, which was the most sensitive target compromised in the campaign, did not return requests for comment sent by The Record in July and August.

A source familiar with the investigation told The Record last month that authorities had taken steps to identify and clean the infected systems.

Days after, Insikt researchers confirmed that hosts inside Indonesian government networks were still communicating with the Mustang Panda malware servers.

Part of China's sprawling cyber-espionage campaigns

News of this cyber-espionage effort comes as the two countries have been re-establishing close diplomatic relations, a few years after nearly reaching armed conflict, primarily over maritime territorial disputes.

Currently the second-largest investor in Indonesia, China has been cozying up to Indonesian provinces over the past two years to facilitate increased trade and further its implementation of the Belt and Road Initiative, a foreign policy initiative to invest in neighboring countries in order to establish lasting political ties and trade agreements.

But these investments haven’t always been welcome, with some countries seeing them as a Trojan horse for their economies.

Since 2013, when China made its Belt and Road Initiative public, cyber-espionage groups have often targeted countries where China planned to invest as part of this project.

The post Indonesian intelligence agency compromised in suspected Chinese hack appeared first on The Record by Recorded Future.
