A group of apparently state-backed cyber attackers is said to have infiltrated and compromised the intranets of at least ten Indonesian ministries and authorities with malware. These include the internal networks of Indonesia's most important secret service, the Badan Intelijen Negara (BIN), reports The Record, citing the IT security experts of the Insikt Group behind the online portal.
The researchers link the massive hack to the cyber mercenaries of the Mustang Panda unit, who, according to the Malpedia Lexicon of the Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE), are said to have spied on civil society organizations in Mongolia, other Southeast Asian regions and the USA. According to that source, the use of the PlugX malware family is typical of the group, which is said to have connections to the Chinese government.
The infiltration point and the method of transmission are still unknown
PlugX is a remote access Trojan that is used as a backdoor. It allows the victim's machine to be fully controlled, including the recording of keystrokes and screen recordings.
The Insikt experts first became aware of the ongoing operation in April, when they discovered relevant PlugX-based command-and-control (C&C) servers. According to the report, the Mustang Panda group operated these servers and used them to communicate with hosts within the networks of the Indonesian government. The researchers say they later traced corresponding connections back to at least March 2021. The point of introduction and the method of transmission of the malware are still unknown.
Trojan horse
The security researchers reported their findings about the intruders to the Indonesian authorities in June and a second time in July. They received no response to this. The BIN also did not respond to inquiries from The Record in the past two months. Nevertheless, according to an insider, Indonesian investigators are said to have investigated the case and taken steps to identify and clean the infected IT systems. According to Insikt, servers in Indonesian government networks were recently still communicating with Mustang Panda C&C computers.
The report about the extensive cyber espionage comes at a time when China and Indonesia, after lengthy scuffles, have resumed closer diplomatic relations. A few years ago there was almost an armed conflict between the two states. The dispute was triggered mainly by territorial disputes in the South China Sea.
In the past two years, however, as the second largest investor in Indonesia, China has ensnared regional government agencies there to boost sales of goods and promote the implementation of the “New Silk Road”, a foreign policy initiative for lasting political relations and trade agreements. Especially in the West, this campaign is seen as a Trojan horse to infiltrate the affiliated national economies. In addition, since the initiative was launched in 2013, cyber espionage units have already targeted several countries that wanted to enter into the relevant pact with the Middle Kingdom.