Thanos Reportedly Attacked The Website Of Ministries/State Agencies, CISSReC: Needs To Be Checked

ILLUSTRATION/UNSPLASH

JAKARTA - Insikt Group reported that 10 Indonesian government ministries/agencies were hacked by Mustang Panda Group, a Chinese hacker using private ransomware called Thanos.

Even this hack is directly linked to China's espionage efforts in an effort to deal with the warming situation in the South China Sea.

Cybersecurity expert Pratama Persadha explained that this news has not been confirmed. Because this news is still a one-sided claim.

"If they have shared evidence of the hack, such as data and usually defacement attempts, then we can conclude that it is true that a hack took place. Which 10 ministries are also still unclear. However, if this is inter-state espionage, evidence will be more difficult to obtain, because the motive is neither economic nor popularity," explained Pratama who is also chairman of the cybersecurity research institute CISSReC (Communication & Information System Security Research Center) in a written statement, Sunday, September 12. .

According to Pratama, this news is at least a trigger for government ministries/agencies to check their information systems and networks.

"In mid-2020, similar issues occurred within the Ministry of Foreign Affairs and several SOEs. At that time there was a warning from Australia that the email of one of our diplomats sent the aria body malware to the email of an official in Western Australia," he explained.

According to him, the email from the diplomat at that time was successfully taken over by hackers, who were thought to be Naikon's group from China. However, it is also not known exactly whether only emails or until the device was hacked.

“It is necessary to carry out a deep vulnerable assessment of the system we have. As well as conducting periodic penetration tests to check information system and network vulnerabilities. Then use Honeypot technology where when an attack occurs, hackers will be trapped in this honeypot system, so they can't attack the real server, "explained Pratama.

In addition, according to him, it is necessary to install Cyber Threads Intelligent sensors to detect malware or malicious packages that will attack the system. Pratama said that the most important thing is to create good cybersecurity governance and implement existing information security standards.

"We have tried to do threat actor profiling. Mustang Panda is a hacker group, mostly members from China, where this group creates a private ransomware called Thanos," he said.

“This ransomware can access data and login credentials on PC devices which then send them to the CNC (command and control) and even hackers can control the target operating system. Thanos' private ransome has 43 different configurations to trick firewalls and anti-viruses, making it very dangerous," said Pratama.