The Issue Of The Alleged PT. KAI Ransomware Attack, Here's The Response Of Cyber Security Experts
Screenshot of the alleged hacking of PT. KAI (photo: @TodayCyberNews)

JAKARTA - On January 14 yesterday, the @TodayCyberNews account on X first discovered that PT. Kereta Api Indonesia (KAI) was suspected of having been a victim of hacking.

In its post, the account shows that the hacker managed to steal sensitive data such as employee information, customer data, tax data, company records, geographic information, information distribution systems and various other internal data.

Responding to this issue, Pratama Persadha, Chairman of the CISSReC Cybersecurity Research Institute, said they had already conducted an investigation, as early as a week before the hacking information was disclosed.

"The Stormous ransomware can get access to the PT. KAI system through VPN access using several credentials from several employees. After successfully entering, they managed to access the dashboard of several PT. KAI systems and download the data on the dashboard," said Pratama in a statement received by VOI on Tuesday, January 16.

From the screenshots shared, Pratama believes that Stormous entered through employees' internal access, which was obtained through phishing and social engineering, or that they bought the credentials from other hackers who used log-stealer malware.

Although PT. KAI appears to be aware of the attack and has carried out several mitigations, such as removing the VPN portal from the PT. KAI website, Pratama believes that this step is not efficient.

This is because, according to him, the ransomware gang may also have installed a backdoor inside the PT. KAI system, which they could use to regain access whenever they want.

So, if the backdoor cannot be found, one of the safest steps is to redeploy the system on a new server using PT. KAI's backup data.

"According to the data we managed to explore, there were 82 credentials of PT. KAI employees that were leaked, as well as nearly 22.5 thousand customer credentials and 50 credentials from employees of other companies that partnered with PT. KAI," said Pratama.

Pratama also said that the credential data was obtained from around 3,300 urban areas that form the external attack surface of the PT. KAI website.

Seeing this threat trend, Pratama observes that, at present, security is treated only as an add-on, an additional system owned by an organization.

"Therefore, there must be a massive and structured movement so that cybersecurity becomes one of the focuses that is understood and determined by the High Level Personnel or leaders in the organization, so that it is hoped that cybersecurity can start from upstream, even long before the application is made," he said.

Pratama also suggested that PT. KAI must seriously consider the cybersecurity aspect, especially now that PT. KAI is intensively implementing a face recognition system in its ticketing system.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)