TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
State intelligence hacked in alleged breach of government networks
The breach was discovered by Insikt Group, the research division of threat intelligence company Recorded Future, in April. The firm detected PlugX malware, believed to be operated by a group called Mustang Panda, operating within the networks of Indonesian government agencies, cybersecurity publication The Record reported on Sept. 10.
Change text size
Gift Premium Articles
to Anyone
Share the best of The Jakarta Post with friends, family, or colleagues. As a subscriber, you can gift 3 to 5 articles each month that anyone can read—no subscription needed!
At least ten government agencies have fallen victim to cyberattacks reportedly committed by Mustang Panda, a China-based hacker group, in the latest of a series of state data breaches. (Unsplash/Courtesy of Mika Baumeister-)
T
he internal networks of at least 10 government institutions, including the State Intelligence Agency (BIN), were reportedly breached earlier this year by China-based hackers in an alleged cyberespionage campaign, highlighting Indonesia’s vulnerability to cyber threats and its lack of strong data protection regulation.
The breach was discovered by Insikt Group, the research division of threat intelligence company Recorded Future, in April. The firm detected PlugX malware, believed to be operated by a group called Mustang Panda, operating within the networks of Indonesian government agencies, cybersecurity publication The Record reported on Sept. 10.
Insikt researchers managed to trace the malware’s presence on the networks back to at least March 2021, although they were unable determine how the government systems were breached or which network was the first to be compromised.
The researchers notified government officials of the cyberattack in both June and July but did not receive feedback, The Record reported.
Mustang Panda is believed to have orchestrated a cyberespionage campaign targeting United States-based non-governmental organizations (NGOs) in 2017, according to US cybersecurity company Crowdstrike.
The group now appears to have moved its focus to Southeast Asia. In a report published in July, experts from antivirus software company Kaspersky highlighted cyberattack campaigns in Myanmar and the Philippines, some of which had targeted government agencies.
The attacks, which had reportedly been ongoing since at least October 2020, were believed to have been conducted by the HoneyMyte group, an alias for Mustang Panda.
