News Indonesian intelligence agency compromised in suspected Chinese hack

Gary

Experienced member
Messages
7,534
Reactions
21 12,102
Nation of residence
Indonesia
Nation of origin
Indonesia

Indonesian intelligence agency compromised in suspected Chinese hack​

Chinese hackers have breached the internal networks of at least ten Indonesian government ministries and agencies, including computers from Indonesia’s primary intelligence service, the Badan Intelijen Negara (BIN).

The intrusion, discovered by Insikt Group, the threat research division of Recorded Future, has been linked to Mustang Panda, a Chinese threat actor known for its cyber-espionage campaigns targeting the Southeast Asian region[1, 2].

Insikt researchers first discovered this campaign in April this year, when they detected PlugX malware command and control (C&C) servers, operated by the Mustang Panda group, communicating with hosts inside the networks of the Indonesian government.

These communications were later traced back to at least March 2021. The intrusion point and delivery method of the malware are still unclear.

Some systems are still infected, despite clean-up efforts​

Insikt Group researchers notified Indonesian authorities about the intrusions in June this year and then again in July. Officials did not provide feedback for the reports.

BIN, which was the most sensitive target compromised in the campaign, did not return requests for comment sent by The Record in July and August.

A source familiar with the investigation told The Record last month that authorities had taken steps to identify and clean the infected systems.

Days after, Insikt researchers confirmed that hosts inside Indonesian government networks were still communicating with the Mustang Panda malware servers.

Part of China sprawling cyber-espionage campaigns​

News of this intrusive cyber-espionage effort comes as the two countries have been re-establishing close diplomatic relations after almost reaching armed conflict a few years before, primarily due to marine territorial disputes.

Currently the second-largest investor in Indonesia, China has been cozying up to Indonesian provinces over the past two years to facilitate increased trade and further its implementation of the Belt and Road Initiative, a foreign policy initiative to invest in neighboring countries in order to establish lasting political ties and trade agreements.

But these investments haven’t always been welcome, with some countries seeing them as a Trojan horse for their economies.

Since 2013, when China made its Belt and Road Initiative public, cyber-espionage groups have often targeted countries where China planned to invest as part of this project.

 

Gary

Experienced member
Messages
7,534
Reactions
21 12,102
Nation of residence
Indonesia
Nation of origin
Indonesia
from Kompas......

Jaringan 10 Kementerian dan Lembaga Negara Indonesia Diduga Diretas Hacker China


KOMPAS.com - Sekelompok peretas dari China dikabarkan telah berhasil membobol sistem jaringan internal milik sepuluh kementerian dan lembaga negara Indonesia, termasuk milik Badan Intelijen Negara (BIN). Hal itu mencuat berdasarkan laporan terbaru dari sekelompok peneliti keamanan internet milik media internasional TheRecord, Insikt Group. Berdasarkan laporan tersebut, peneliti mendeteksi bahwa aksi pembobolan tersebut ada hubungannya dengan Mustang Panda. Mustang Panda sendiri konon dikenal sebagai kelompok peretas asal China yang biasa melakukan aktivitas mata-mata di dunia maya. Target operasinya sendiri berada di wilayah Asia Tenggara.

Terkait serangan dari Mustang Group sendiri, Insikt Group mengatakan mereka pertama kali menemukan aktivitas pembobolan ini pada bulan April lalu. Pada saat itu, mereka mendeteksi bahwa server pengendali perintah (C&C) milik grup Mustang Panda, yang menjalankan malware berjenis PlugX, berkomunikasi dengan beberapa host yang kemungkinan telah terinfeksi di dalam jaringan internal milik pemerintah Indonesia. Malware PlugX merupakan aplikasi backdoor yang bisa mengambil alih sepenuhnya komputer yang disusupinya. Saat komputer atau server terinfeksi PlugX, pengirim malware dapat mengendalikan dan megirim sejumlah perintah dari jarak jauh. Dapatkan informasi, inspirasi dan insight di email kamu. Daftarkan email Aktivitas tersebut kemudian ditelusuri dan ternyata diklaim telah berlangsung sejak Maret 2021. Belum jelas apa yang diincar Mustang Panda dan bagaimana metode pembobolan yang dilakukan peretas tersebut untuk menerobos sejumlah jaringan internal pemerintah Indonesia tadi. Tidak disebutkan pula kementerian dan lembaga negara Indonesia apa menjadi target Mustang Panda ini, di samping BIN. Baca juga: Ada Spyware Pegasus, Presiden Jokowi Diminta Tak Pakai WhatsApp Melapor dan belum direspons Sebagaimana dihimpu KompasTekno dari TheRecord, Sabtu (11/9/2021), Insikt Group sendiri mengklaim telah melaporkan temuan mereka yang disebutkan di atas tadi kepada otoritas terkait di Indonesia sebanyak dua kali, yaitu pada Juni dan Juli 2021 lalu.

Namun otoritas Tanah Air tersebut, dikatakan Insikt Group, tidak memberikan umpan balik atas laporan peretasan tersebut. Meski demikian, seorang sumber mengatakan kepada Insikt Group bahwa pihak terkait telah menempuh sejumlah langkah untuk mengidentifikasi dan membersihkan sistem yang berhasil dibobol tadi. Namun, beberapa hari setelah informasi dari sumber tersebut menyeruak, para peneliti dari Insikt Group meyakini bahwa mereka masih bisa mendeteksi bahwa jaringan internal yang sebelumnya dibobol masih tersambung dengan server Mustang Panda

 

Follow us on social media

Top Bottom