Chinese-linked hacker group breached Indonesian spy agency’s networks

IntelNews.org (est. 1988) offers daily commentary on intelligence and espionage developments from around the world. It is edited by intelligence experts Dr. Joseph Fitsanakis and Ian Allen.

Indonesian State Intelligence Agency

” data-image-caption=”" data-medium-file=”https://intelligencenews.files.wordpress.com/2021/09/first-post-h-3.jpg?w=300″ data-large-file=”https://intelligencenews.files.wordpress.com/2021/09/first-post-h-3.jpg?w=629″ class=”alignnone size-full wp-image-20302″ src=”https://intelligencenews.files.wordpress.com/2021/09/first-post-h-3.jpg?w=630″ alt=”Indonesian State Intelligence Agency” srcset=”https://intelligencenews.files.wordpress.com/2021/09/first-post-h-3.jpg 629w, https://intelligencenews.files.wordpress.com/2021/09/first-post-h-3.jpg?w=128 128w, https://intelligencenews.files.wordpress.com/2021/09/first-post-h-3.jpg?w=300 300w” sizes=”(max-width: 630px) 100vw, 630px” />

A GROUP OF COMPUTER hackers with links to the Chinese state is likely behind a major breach of networks belonging to at least ten Indonesian government ministries and agencies, including the country’s primary intelligence service. The breach was first reported on September 10 by cybersecurity firm Insikt Group, whose researchers say they have been monitoring the hacks since April of this year.

Insikt Group said experts in its threat research division noticed that a number of PlugX malware command and control servers were regularly communicating with hosts inside the networks of the Indonesian government. After forensically examining the communication patterns, the researchers concluded that the initial contact between the command and control servers and the Indonesian government networks was made in March of this year, if not earlier. The technical details of the intrusion are still being determined, according to Insikt Group.

The firm said that the breach was perpetrated by Mustang Panda, a mysterious advanced persistent threat actor, which is also known as BRONZE PRESIDENT, HoneyMyte, and Red Lich. In the past, Mustang Panda has been particularly active in Southeast Asia, targeting servers in Mongolia, Malaysia and Vietnam. The targets of this latest breach included the Indonesian State Intelligence Agency, known as BIN. According to Insikt Group, BIN was “the most sensitive target compromised in the campaign”.

The company said it notified the Indonesian government twice about these intrusions, in June and July. Although no response was forthcoming from the Indonesian government, changes in its computer networks since that time may be taken as evidence that the authorities took steps to “identify and clean the infected systems”, according to Insikt Group’s report.

► Author: Ian Allen | Date: 14 September 2021 | Permalink