A group of hackers with links to the Chinese state have wreaked havoc amongst Indonesia’s government departments and agencies.
According to a report in IntelNews.org, there was a major breach of networks belonging to at least ten Indonesian government ministries and agencies, which included Indonesia’s primary intelligence service.
The breach was first reported on September 10 by cybersecurity firm Insikt Group, whose researchers say they have been monitoring the hacks since April of this year.
The firm said that the breach was perpetrated by Mustang Panda, a mysterious advanced persistent threat actor, which is also known as BRONZE PRESIDENT, HoneyMyte, and Red Lich. In the past, Mustang Panda has been particularly active in Southeast Asia, targeting servers in Mongolia, Malaysia and Vietnam. The targets of this latest breach included the Indonesian State Intelligence Agency, known as BIN. According to Insikt Group, BIN was “the most sensitive target compromised in the campaign”.
The company said it notified the Indonesian government twice about these intrusions, in June and July.
Although no response was forthcoming from the Indonesian government, changes in its computer networks since that time may be taken as evidence that the authorities took steps to “identify and clean the infected systems”, according to Insikt Group’s report.
Insikt Group said experts in its threat research division noticed that a number of PlugX malware command and control servers were regularly communicating with hosts inside the networks of the Indonesian government.
After forensically examining the communication patterns, the researchers concluded that the initial contact between the command and control servers and the Indonesian government networks was made in March of this year, if not earlier. The technical details of the intrusion are still being determined, according to Insikt Group.
Pratama Persadha, chairman of the Communication and Information System Security Research Centre (CISSREC), a Jakarta-based non-profit organisation – who has profiled several cyber security threat actors, including Mustang Panda – was quoted in ANI, a news agency, as saying that the group is largely made up of Chinese actors and that it can be classified as a state-sponsored actor as it uses advanced persistent threats (APTs).
This requires large resources, and its targets are mostly high-profile institutions.