Serviceteam IT Security News

Mustang Panda Compromises Indonesian Intelligence Agency

A China-based cyber-espionage threat actor has reportedly compromised the internal networks of at least ten Indonesian government ministries and agencies.

The intrusion – believed to be the work of Mustang Panda – was first reported by The Record and is thought to have impacted the Badan Intelijen Negara (BIN), Indonesia’s main intelligence service.

The cyber-espionage campaign was uncovered in April 2021 by Insikt Group, a division of Recorded Future that is dedicated to researching threats. 

Insikt researchers raised the alarm after finding PlugX malware command and control (C&C) servers communicating with hosts located inside the Indonesian government’s networks. 

Researchers concluded that the communications, which appear to date back to at least March of this year, are the work of Mustang Panda, who they believe is in control of the malicious servers. 

The Indonesian authorities were reportedly notified of the security incident by the Insikt Group in June and again in July. However, Insikt researchers told The Record last month that the malware servers they believe belong to Mustang Panda are still communicating with hosts inside Indonesian government networks. 

Commenting on this, Sam Curry, chief security officer at Cybereason, said: “The reported breach of Indonesia’s intelligence agency by Chinese hackers is troubling, and there is no sense in sugarcoating the significance of the potential loss of sensitive data.

“Whether or not this attack is state-sponsored isn’t known, but at the very least more and more ransomware attacks are state-ignored.”

Curry said that the public and private sectors need to do more to prevent cyber-attacks and make life difficult for attackers who get past digital defenses. 

“Sure, the threat actors will get in, but so what? We can make that mean nothing,” said Curry. “We can slow them down, we can limit what they see and we can ensure fast detection and ejection. We can – in short – make material breaches a thing of the past.”

Source: Infosecurity Magazine

