An anonymous hacker, known as “Two2,” has claimed to have breached kemhan.go.id, the website of Indonesia’s Ministry of Defense. The hacker claimed to have gained access to the website’s dashboard panel.
In a post on BreachForums, Two2 shared several screenshots from the kemhan.go.id dashboard. One of the screenshots revealed that the website had utilized 1.64 terabytes of storage out of 2 terabytes available.
Pratama Persadha, Chairman of the Communication and Information System Security Research Center (CISSReC), noted that hackers typically aim to sell the data they obtain during a breach. In this case, the hacker offered accounts with access to the kemhan.go.id dashboard for sale.
While the shared documents were not classified, Pratama emphasized that it is possible for website users or employees to inadvertently store sensitive documents on the site, potentially compromising national security.
He also mentioned that the obtained accounts could be used to access other systems within the Ministry of Defense that contain important data and classified documents.
CISSReC conducted an investigation and found that kemhan.go.id had various credential-related vulnerabilities, with 667 users and 37 employees affected by data leaks. These leaks could be exploited for unauthorized access to the website.
In their examination, CISSReC also identified subdomain URLs from kemhan.go.id that could potentially serve as attack points against the Ministry of Defense’s website.
Pratama suggested that the cyberattack on kemhan.go.id was likely a “Stealer” malware attack. He explained that this type of malware is typically used to collect information that can be monetized by attackers.
In its standard form, stealer malware gathers login information such as usernames and passwords, which is then sent to other systems by email or over the network.
After successfully extracting sensitive data from the target device, hackers send this information to threat actors who may use it for extortion, ransom demands, or sell it on the dark web or forums as stolen goods.
Pratama highlighted that malware-based cyberattacks are favored by hackers because direct attacks on targeted systems from the outside are challenging due to multiple security measures in place. Thus, hackers exploit human error, which often represents the weakest point in cybersecurity.
Furthermore, Pratama explained the existence of “Malware as a Service” (MaaS), where cybercriminals provide various types of malware to users or customers who pay for the service. MaaS customers typically lack the technical knowledge and skills to create malware themselves, so they rent or purchase pre-made malware to launch attacks or carry out other malicious activities.
The exact attack vector used by the hacker to access kemhan.go.id’s dashboard panel has not yet been determined. Pratama suggested that users be required to change the passwords of their accounts, both on the kemhan.go.id website and on their personal accounts (email, social media, etc.).
The Ministry of Defense’s website is now inaccessible, likely for investigation and system maintenance, in an effort to prevent the use of leaked passwords for unauthorized access.