Cyber-espionage threat actors from China were reported to have breached about 10 internal networks of Indonesian agencies and government ministries. The breach included computers belonging to Badan Intelijen Negara (BIN), the primary intelligence service of Indonesia.
Unexpectedly, the cyber-espionage attempt by threat actors from China was revealed at a time when Indonesia and China were trying to repair their diplomatic relationship, following a near armed confrontation not long before over maritime territory issues.
The attack was investigated and revealed by US-based cybersecurity researchers. They reported that the intrusion is connected to a Chinese threat group called Mustang Panda, known for cyber-espionage campaigns that mainly target government organisations and telecommunication firms in the Southeast Asian region.
Upon discovering the intrusion last April, cybersecurity researchers immediately alerted Indonesian authorities, particularly as it recurred in June and July this year. Even a month before the intrusion's discovery, around March 2021, there were already reports that Mustang Panda had targeted telecommunication firms located in Southeast Asia, the USA, and Europe by posing as the career page of the Huawei website.
A Slovak security group has also reported that, in June 2021, a backdoor Trojan allegedly embedded by the threat group Mustang Panda was found on the website of the President's Office in Myanmar. The Trojan gives its operators remote control over a device.
Security researchers also added that Mustang Panda is a threat actor group made up mostly of Chinese people.
The group is considered state-sponsored because of its capability to use advanced persistent threats, which require heavy and extensive resources and primarily target high-profile societies.
Since China publicised its Belt and Road Initiative back in 2013, many cyber-espionage threat actors have frequently victimised countries that China intended to invest in as part of the project. As the second-largest investor in Indonesia, China has situated itself in the provinces of Indonesia to facilitate the increased trade over the past two years and to continue the execution of the Belt and Road Initiative.
The motive for the attack is considered to be neither economic nor popularity-related, since the breached data have not been shared in the public domain. Therefore, some researchers conclude that the attack was state-backed espionage with a plan that is not known. Because of these threats, countries must strengthen their defensive measures to protect themselves from potential China-based attacks.