Data breach in networks of Indonesian ministries and agencies
A China-based cyber-espionage threat actor has apparently breached the internal networks of at least 10 Indonesian government ministries and agencies, including the computers of Indonesia’s primary intelligence service, the Badan Intelijen Negara (BIN).
The revelation of this invasive cyber-espionage attempt comes at a time when the two countries are re-establishing diplomatic relations after nearly escalating into an armed confrontation a few years ago over maritime territory concerns.
The intrusion, discovered by Insikt Group, the threat research division of the US-based cyber security firm Recorded Future, has been linked to Mustang Panda, a Chinese threat actor known for its cyber-espionage campaigns targeting the Southeast Asian region.
Insikt researchers first discovered this campaign in April this year and notified the Indonesian authorities about the intrusions in June and then again in July.
Mustang Panda is known to have targeted governments and telcos in Southeast Asia. In March 2021, security firm McAfee had reported that Mustang Panda had allegedly targeted telecom companies in Southeast Asia, Europe and the US via a phishing site disguised as Huawei’s careers page.
In June 2021, a Slovak security firm found a back door Trojan which gives users remote control over a device allegedly planted by Mustang Panda in the website of the Myanmar president’s office.
Pratama Persadha, chairman of the Communication and Information System Security Research Centre (CISSREC), a Jakarta-based non profit organisation who has profiled several cyber security threat actors, including Mustang Panda said the group is largely made up of Chinese actors and it can be classified as a state- sponsored actor as it uses advanced persistent threats that require large resources. Its targets are mostly high-profile institutions.
Since 2013, when China made its Belt and Road Initiative public, cyber-espionage groups have often targeted countries where China planned to invest as part of this project. Currently, the second-largest investor in Indonesia, China has been cozying up to Indonesian provinces over the past two years to facilitate increased trade and further its implementation of the Belt and Road Initiative.
But these investments have not always been welcome, with some countries seeing them as a Trojan horse for their economies.
Since the hacked data has not been shared in the public domain till now, it can be said that the motive is not economy or popularity. This could be state-backed espionage with a larger hidden agenda. The countries need to strengthen their digital defences to prevent such type of cyber-attacks from China-based groups in order to safeguard their sovereignty.