26 November 2021 | Asia Cyber Summary

In the Spotlight this Week:

  • Indonesia probes police hack in latest cyber breach

  • Japan and Vietnam look to build cyber defense against China

  • CL0P hacking group hits Swire Pacific Offshore

  • North Korean hackers found to be behind a range of credential theft campaigns

  • GoDaddy breach exposes 1.2 million managed WordPress customer accounts

Indonesia Probes Police Hack in Latest Cyber Breach

Indonesian police are investigating claims by a hacker who said they had stolen the personal data of thousands of police officers. The case is the latest in a spate of cyber attacks that has highlighted the country's digital vulnerabilities.

The hacker claimed to have obtained the data of 28,000 officers by infiltrating Indonesia's national police server, according to local media reports. The hacker said the compromised information included names, home addresses, emails, phone numbers and blood types. The hacks have highlighted digital security vulnerabilities at state agencies in Indonesia, which has one of the world's biggest online markets.

Japan and Vietnam Look to Build Cyber Defense Against China

Japan and Vietnam signed a cyber security agreement as the two Asian nations rapidly step up their military ties amid concerns over China’s growing assertiveness. Japan’s Defense Minister said that the cyberspace agreement aimed to address a “strong sense of urgency” over activities in the Indo-Pacific region that challenge the existing international order, an apparent reference to China, although no country was identified by name.

Japan has in recent years stepped up cyber defense cooperation with the United States, Australia and others. The Japanese Defense Ministry says cyberattacks are part of rising security threats from China as it becomes more assertive in the region, a concern shared by the United States and other allies in the region.

CL0P Hacking Group Hits Swire Pacific Offshore

Swire Pacific Offshore (SPO) announced it fell victim to a cyber attack which compromised "some confidential proprietary commercial information" along with personal information. The specifics of the attack are unclear, but there are suggestions that the CL0P ransomware group is behind it.

The employees who appear to be most affected are based in Singapore and Malaysia, but some records belong to staff in the UK, China, and the Philippines. The other stolen files include ones whose names allude to payment advice, mailbox backups, miscellaneous archives, and other personal folders. The company is the marine services division of the Swire conglomerate and has confirmed the attack has not affected its global operations.

North Korean Hackers Found Behind a Range of Credential Theft Campaigns

A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. The attacks were spread across North America, Russia, China, and South Korea.

The threat actor, Kimsuky, has been known to be operational since as early as 2012 and has since emerged as one of the most active advanced persistent threat (APT) groups, known primarily for cyber espionage but also for conducting attacks for financial gain. However, the ultimate motive behind these attacks remains unclear, as no follow-on payloads were observed.

GoDaddy Breach Exposes 1.2 Million Managed WordPress Customer Accounts

GoDaddy, the top global web hosting firm with tens of millions more sites than its competition, reports that data on 1.2 million of its WordPress customers has been exposed.

Customers had both their email addresses and customer numbers exposed. GoDaddy warns that this exposure puts users at greater risk of phishing attacks. In addition, active customers had their sFTP and database usernames and passwords exposed; GoDaddy has since reset both sets of passwords. Finally, some active customers had their Secure Sockets Layer (SSL) private key exposed. GoDaddy is currently reissuing and installing new certificates for those customers.

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.