| Category | Industry | Motivation | Region | Source* |
|---|---|---|---|---|
| Adversary Intelligence | Telecommunications | Financial | Indonesia | F4 |

- CloudSEK’s contextual AI digital risk platform XVigil uncovered a post on a cybercrime forum announcing a data breach affecting an Indonesian telecom firm and its subsidiaries.
- The compromised telecom firm was PT Telekomunikasi Indonesia.
- The group claimed to have exfiltrated 49 MB of classified documents, which included:
  - Tax cards
  - Financial statements
  - Sensitive government documents
- The subsidiaries affected in the breach include the following:
  - PT Infomedia Nusantara
  - PT Infrastruktur Telekomunikasi Indonesia
  - Harbor Media
  - PT Telkom Satelit Indonesia
  - PT Metranet
- In order to substantiate their claims, a total of 65 sample documents were shared.
- The group also posted a threat claiming that they expected a reasonable reaction from the compromised entities, such as a confirmation of the breach as opposed to denial.
- In addition, the group issued a message urging all state and government companies to responsibly report data breaches in the present and the future.
- To avoid scams, the group uses the middleman service facilitated by the forum’s moderator Pompompurin.
- The group has shared a ZIP file containing the breached documents.
- All PDF metadata was wiped from the disclosed samples.
- The observed data dates back to at least 2009.
- The group also left their email address in a TXT file within the document dump.
- CloudSEK’s Threat Intelligence research team has observed a steady number of cyberattacks targeting Indonesia.
- According to forum discussions, the possible cause of these attacks is a weak security posture of companies' web-facing infrastructure.
- A notable recent data breach was observed, exposing 17 million customer records from PLN (Perusahaan Listrik Negara, the Indonesian State Electricity Company).

| Threat Actor Profiling | |
|---|---|
| Active since | July 2022 |
| Reputation | Low (Multiple complaints and concerns on the forum) |
| History | Reliability of the information provided by the group cannot be assessed at this time. |
| Point of Contact | Jabber and Email |
| Rating | F4 (F: Reliability Unknown; 4: Doubtfully true) |