
Blackpanda
May 26, 2023
Governor Perry Warjiyo of Indonesia's central bank has stated that they are collaborating with banks to review and enhance management protocols for handling cyber incidents. This statement was made in an investor call in response to recent cyber security events in the country, including a data breach at Bank Syariah Indonesia (BSI), the largest Islamic lender in Indonesia, which occurred earlier this month. The central bank aims to strengthen cyber security measures and ensure the resilience of the banking sector against cyber threats.
The U.S. State Department has warned that China is capable of launching cyber attacks on critical infrastructure, including oil and gas pipelines and rail systems. This comes after a Chinese hacking group was discovered spying on military and government networks in the United States. China denies the allegations and calls them a "collective disinformation campaign." U.S. officials are still assessing the threat and working with service providers to detect and counter the spying activity. The covert nature of espionage makes it difficult to detect using traditional methods. The campaign, called Volt Typhoon, raises concerns about potential disruptions to communications infrastructure amid U.S.-China tensions. The U.S. government has been urging improved cyber security in critical infrastructure following the Colonial Pipeline hack.
Suzuki Motorcycle India, a major bike manufacturer in the country, had to halt production of over 20,000 vehicles due to a cyber attack and data breach. The incident, which is currently under investigation, forced the company to postpone its supplier conference. While further details were not provided, it is suspected that a ransomware gang was responsible. These groups often employ double extortion tactics to pressure victims into paying a ransom. Law enforcement and cyber security experts advise against meeting the demands of cyber criminals.
The Lazarus Group, a notorious nation-state cyber-espionage group associated with North Korea, has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers to deploy malware. The group utilizes DLL side-loading techniques, placing a malicious DLL in the same folder path as a legitimate application to execute the malicious code. The recently discovered attack leverages the msvcr100.dll library to decrypt and execute an encoded payload in memory. Lazarus Group's attacks demonstrate their diverse tactics and use of various tools to conduct long-term espionage operations. In response to North Korea's cyber activities, the U.S. Treasury Department has imposed sanctions on several entities and individuals involved in malicious cyber activities and fundraising schemes.
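For defenders, the side-loading pattern described above can be hunted in image-load telemetry. The following is an added example, not code from Blackpanda or from the reporting it summarizes: it assumes events shaped like Sysmon Event ID 7 records (`Image`, `ImageLoaded`, `Signed`, `SignatureStatus`), and every path in the sample data is constructed.

```python
import ntpath

# DLL names to watch; msvcr100.dll is the library named in the item above.
WATCHED_DLLS = {"msvcr100.dll"}
# Directories where a system-wide copy of the runtime is expected.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def is_suspicious_load(event):
    """Flag a watched DLL loaded from the loading program's own folder,
    outside the system directories, without a valid signature."""
    image = event["Image"].lower()
    dll_dir, dll_name = ntpath.split(event["ImageLoaded"].lower())
    if dll_name not in WATCHED_DLLS or dll_dir in SYSTEM_DIRS:
        return False
    same_folder = ntpath.dirname(image) == dll_dir
    # App-local copies of the runtime are legitimate when properly signed,
    # so signature status is what separates them from a planted DLL.
    signed_ok = (event.get("Signed") == "true"
                 and event.get("SignatureStatus") == "Valid")
    return same_folder and not signed_ok


def find_side_loads(events):
    """Return the events that match the side-loading pattern."""
    return [e for e in events if is_suspicious_load(e)]


# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "ImageLoaded": r"C:\Windows\System32\msvcr100.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Apps\Vendor\tool.exe",
     "ImageLoaded": r"C:\Apps\Vendor\msvcr100.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\ProgramData\Example\app.exe",
     "ImageLoaded": r"C:\ProgramData\Example\msvcr100.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\ProgramData\Example\app.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
]

if __name__ == "__main__":
    for hit in find_side_loads(SAMPLE_EVENTS):
        print("review:", hit["Image"], "loaded", hit["ImageLoaded"])
```

A hit is a lead for review rather than a verdict; the hash and origin of the flagged DLL still need checking.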
Binance, the leading cryptocurrency exchange, has revealed its involvement in assisting US law enforcement in the seizure of USD 4.4 million and freezing accounts connected to North Korean organized crime. The action was taken almost a year ago, and Binance emphasized its collaboration with law enforcement and compliance with regulations. The US Department of the Treasury's Office of Foreign Assets Control (OFAC) recently charged North Korean organizations for their alleged involvement in malicious cyber activities and revenue generation to support illicit activities. The sanctioned entities include Pyongyang University of Automation, Chinyong Information Technology Cooperation Company, Technical Reconnaissance Bureau, and the 110th Research Center. The disclosure of Binance's assistance comes amid ongoing concerns about North Korea's cyber attacks and their use to finance illicit activities.