Security Alert Banner

In 2021 Indonesian government agencies were under fire, with numerous reports of agencies being compromised including the BSSN (Badan Siber dan Sandi Negara, or State Cyber and Signal Agency), and state police employee databases. The BSSN is Indonesia's primary signal intelligence agency with responsibility for cyber threat intelligence, and national cyber defence, making this attack a deliberate message to Indonesia’s national defence agency. 

One of the actors, was reportedly a 16-year-old threat actor known as son1x. The attack was allegedly a response to the recent defacement of websites in Brazil. The actor also claimed responsibility for the exfiltration of Personally Identifiable Information (PII) from a police employee database in 2021. 

Red Piranha’s SecOps team have been tracking these activities since 2021 and noticed potential dumps of new data over the past few days related to the original attacks in 2021. The team has a copy of the data and are doing analysis of the leak to confirm its authenticity. It is currently unclear if this leak is related to the same site or another site, as several of the Indonesian government sites got hit at a similar time last year. 

Initial analysis within the leaked php scripts is a message from SPYRO KiD for BSSN site administrators “Haters gonna hate!” The supplied scripts could enable remote code execution were they in production. Yet, the only connection between this data as purported, is the allusion to the type of threat actor being presented. 

According to past reports by the editorial team, justification for further attacks was because individuals in Indonesia had contacted son1x for ‘help’. The son1x persona is atypical of other Brazilian defacement groups reported on in the SANS whitepaper, The Brazilian Connection. 

Red Piranha’s Threat Intelligence team will continue to track the situation for further analysis and inclusion of IOC’s into its Cyber Threat Intelligence program. For inquiries related to the data please contact [email protected] for further information. 

Date Published
February 01, 2022