Asked about the alleged hacking on Sunday (12/9), Communications and Information (Kominfo) Minister Johnny G. Plate said he had handed the matter over to the National Cyber and Encryption Agency (BSSN).
By NIKOLAUS HARBOWO
JAKARTA, KOMPAS – All ministries and agencies are expected to audit their cybersecurity systems following the discovery that the internal networks of 10 ministries and agencies, including the State Intelligence Agency, had allegedly been hacked. Systems also need strengthening, from human resources to security systems.
The alleged hacking was reported by the international media outlet The Record on Friday (10/9/2021). The hacking was discovered by Insikt Group, the cyberthreat research division of Recorded Future, a cybersecurity company based in the United States.
The hacking was linked to Mustang Panda, a group of hackers in China known for various acts of espionage that targeted Southeast Asian countries. Insikt Group researchers discovered that the hacking against Indonesian institutions was carried out in April 2021, when they detected that the PlugX malware command and control (C&C) server operated by Mustang Panda was communicating with a host on an Indonesian government network.
Insikt Group researchers reportedly informed Indonesian authorities of the breach in June and July. After that, Indonesian authorities took steps to address it, according to a source at The Record. Unfortunately, Insikt Group researchers found that the hacking was still happening.
Asked about the alleged hacking on Sunday (12/9), Communications and Information (Kominfo) Minister Johnny G. Plate said he had handed the matter over to the National Cyber and Encryption Agency (BSSN). Referring to Government Regulation No. 71/2019 on the Implementation of Electronic Systems and Transactions, he said that handling cyber incidents, including hacking, was the domain of BSSN. "Kominfo assists in the tupoksi (main duties and functions) of Kominfo," he said.
Kompas sought a response from BSSN spokesperson Anton Setiawan but has not yet received a reply; nor has it received one from Wawan Hari Purwanto, Deputy VII at the State Intelligence Agency.
Thanos ransomware
According to Pratama Persadha, the Communication & Information Systems executive director at the Security Research Center, the hacking has yet to be confirmed. The details of the 10 agencies that had been hacked are not clear.
However, Pratama had tried to identify Mustang Panda. The results showed it was a group of hackers whose members were mostly from China. The group had created a private ransomware called Thanos.
“This ransomware can access data and login credentials on PC devices, which it then sends to the C&C. The hackers can even control the targeted operating system. Thanos has 43 different configurations to trick the firewall and antivirus [software], so it is very dangerous,” said Pratama.
Even though the hacking had not been confirmed, he asked all ministries and agencies to audit their cybersecurity systems. "It is also necessary to periodically test penetration to check the vulnerability of information systems and networks," said Pratama.
The alleged hacking should also be an occasion to further strengthen cybersecurity systems. Government agencies are asked to use honeypot technology, so that hackers attempting a cyber attack become trapped in the honeypot system. In addition, the human resources that maintain the systems must be strengthened.