23 Sep 2022 | Asia Cyber Summary

In the Spotlight this Week:

• Singapore Telco MyRepublic Ordered to Pay SGD 60,000 for Failing to Protect Personal Data of 80,000 Customers
• Singtel’s Optus in Australia Hit By Cyber Attack, Customer Data Leaked
• Indonesia Hunts for Bjorka, Hacker Selling 1.3 Billion SIM Card User’s Data, Taunting Officials
• Hacking Group ‘Anonymous’ Knocks Iran State Websites Offline Amid Nationwide Protests
• Uber Links Breach to Lapsus$ Group, Blames Contractor for Hack

Singapore Telco MyRepublic Ordered to Pay SGD 60,000 for Failing to Protect Personal Data of 80,000 Customers

Singapore’s MyRepublic has been ordered to pay a fine of SGD 60,000 for failing to protect the personal data of almost 80,000 customers in a cyber incident last year on 29 Aug, 2021. The telco provider suffered a data breach and subsequently received an email from an external threat actor threatening to publish the stolen customer data unless a ransom was paid. Personal data belonging to more than 75,000 Singaporeans and permanent residents were stolen during the breach. At the time of the incident, MyRepublic stored customers’ identity verification numbers and mobile porting documents in a publicly accessible ‘bucket’ on cloud storage provided by Amazon Web Services (AWS). The ‘bucket’ was protected by an access key, but investigations have revealed that the external threat actor used the same access key to access the ‘bucket’.

Singtel’s Optus in Australia Hit By Cyber Attack, Customer Data Leaked

Yesterday, Singtel’s Australian subsidiary Optus was hit by a cyber attack affecting millions of customers. The ongoing investigation probes into a possible unauthorized access of both current and former customers’ information. This includes the names, dates of birth, phone numbers, and email addresses of customers. Certain subsets of customers have also had their addresses and official identification numbers and documents compromised. The cyber attack was shut down “immediately” upon its discovery and is not believed to have affected its services such as mobile and home internet.

Indonesia Hunts for Bjorka, Hacker Selling 1.3 Billion SIM Card User’s Data, Taunting Officials

A hacker under the pseudonym Bjorka has been selling stolen data from individuals and state-owned organizations in Indonesia. The data consists of  1.3 billion registered mobile phone numbers, 105 million voters, and a log of the President’s correspondence, amongst others. This also includes a leaked log of incoming and outgoing confidential documents between President Joko Widodo and the State Intelligence Agency. Bjorka, who is believed to be based in Warsaw, Poland has been taunting Indonesian government officials, after an appeal was made to stop leaking Indonesian personal data.

Indonesia is home to a booming digital economy, and has been subject to numerous data breaches over the past years. Given its history, experts have criticized the lack of responses in past breaches. 

Related articles:

11 Million Cyber Threats Detected in Indonesia Apart from Bjorka

Hacking Group ‘Anonymous’ Knocks Iran State Websites Offline Amid Nationwide Protests

Hacking Group ‘Anonymous’ has claimed responsibility for cyber attacks on the  Iranian government official websites as part of the hacking collective’s support for protests against the death of Mahsa Amini, who was held by the country’s morality police for allegedly violating its dress code by wearing her headscarf too loosely. The hacking group claims that Amini’s death was the ‘last straw’ and will be launching #OpIran against the Iranian state which will see cyber attacks launched on ‘smart services’ for state-owned news and media outlets. Anonymous has claimed to have deleted ‘all databases’. Iran has yet to comment on the claims or cyber attacks.

Related articles:

Iranians See Widespread Internet Blackout Amid Mass Protests

‍Uber Links Breach to Lapsus$ Group, Blames Contractor for Hack

Investigations into Uber's data breach last week are believed to be affiliated with the Lapsus$ extortion group, who is also known for hacking other high-profile tech companies such as Microsoft, Cisco, NVIDIA, Samsung, and Okta. The attacker used the stolen credentials of an external contractor by Uber in a multifactor authentication fatigue attack where the contractor was flooded with two-factor authentication (2FA) login requests until one of them was accepted. From there, the threat actor accessed several other employee accounts to gain access to employee tools such as G-Suite and Slack. Uber has added that it has yet to discover proof that the hacker has accessed and injected malicious code within its codebase.

‍