Mustang Panda Compromises Indonesian Intelligence Agency

A China-based cyber-espionage threat actor has reportedly compromised the internal networks of at least ten Indonesian government ministries and agencies.

The intrusion – believed to be the work of Mustang Panda – was first reported by The Record and is thought to have impacted the Badan Intelijen Negara (BIN), Indonesia’s main intelligence service.

The cyber-espionage campaign was uncovered in April 2021 by Insikt Group, a division of Recorded Future that is dedicated to researching threats. 

Insikt researchers raised the alarm after finding PlugX malware command and control (C&C) servers communicating with hosts located inside the Indonesian government’s networks. 

Researchers concluded that the communications, which appear to date back to at least March of this year, are the work of Mustang Panda, who they believe is in control of the malicious servers. 

The Indonesian authorities were reportedly notified of the security incident by the Insikt Group in June and again in July. However, Insikt researchers told The Record last month that the malware servers they believe belong to Mustang Panda are still communicating with hosts inside Indonesian government networks. 

Commenting on this, Sam Curry, chief security officer at Cybereason, said: "The reported breach of Indonesia’s intelligence agency by Chinese hackers is troubling, and there is no sense in sugarcoating the significance of the potential loss of sensitive data. 

“Whether or not this attack is state-sponsored isn’t known, but at the very least more and more ransomware attacks are state-ignored.”

Curry said that the public and private sectors need to do more to prevent cyber-attacks and make life difficult for attackers who get past digital defenses. 

“Sure, the threat actors will get in, but so what? We can make that mean nothing,” said Curry. “We can slow them down, we can limit what they see and we can ensure fast detection and ejection. We can – in short – make material breaches a thing of the past.”

What’s Hot on Infosecurity Magazine?