A Chinese APT group known for its cyber-espionage campaigns targeting the Southeast Asian region may have breached 10 Indonesian government servers.
Insikt Group (the threat research division of cybersecurity company Recorded Future) discovered the breach back in April of 2021.
The research division attributed the attack to an APT group tracked as Mustang Panda.
The group used PlugX malware to communicate with the infected hosts:
PlugX is a Remote Access Trojan (RAT) first spotted in 2012; since then it has been used in several attacks launched by the Chinese cyber-espionage group APT10. PlugX primarily targets government entities and is distributed via phishing emails, spam campaigns, and spear-phishing campaigns.
Insikt Group notified Indonesian authorities, including the State Intelligence Agency (BIN), in June and July but received no response.
However, authorities took steps to identify and clean the infected systems in August, according to a source who spoke to The Record.
According to a report by McAfee, the same Chinese APT group targets telecommunications companies based in Southeast Asia, Europe, and the United States, with a strong interest in enterprises in Germany and Vietnam.
The group aims to gain access to the telcos' internal networks to steal sensitive information related to 5G technology. From the McAfee report:
By using McAfee's telemetry, possible targets based in Southeast Asia, Europe, and the US were discovered in the telecommunication sector. We also identified a strong interest in German, Vietnamese and Indian telecommunication companies. Combined with the use of the fake Huawei site, we believe with a high level of confidence that this campaign was targeting the telecommunication sector. We believe with a moderate level of confidence that the motivation behind this specific campaign has to do with the ban of Chinese technology in the global 5G roll-out.
In June, the same group was suspected of attacking the website of the Myanmar president's office.
The attackers trojanized a font package offered for download on the site, so visitors who installed it were infected with malware.
Separately, researchers at the cybersecurity firm vpnMentor reported that the personal data of 1.3 million users of Indonesia's electronic Health Alert Card, or eHAC "test and trace" program, was exposed because it was stored on a server left open to the internet without authentication, a failure of basic data-protection controls rather than an intrusion. After the report was released, the National Cyber and Encryption Agency (BSSN) said no eHAC data had been leaked or sold on the dark web. Even so, the agency acknowledged that it had found a vulnerability on an eHAC partner platform and that authorities had quickly patched the system.