Investigation uncovers substantial spyware exports to Indonesia

Spyware ‎Capabilities:

📌Spyware‏ ‎operations ‎can ‎be ‎categorized ‎into‏ ‎national ‎in-house‏ ‎operations‏ ‎and ‎commercial ‎spyware‏ ‎sold ‎for‏ ‎profit ‎to ‎government ‎and‏ ‎private‏ ‎clients.

📌Commercial ‎spyware‏ ‎provides ‎governments‏ ‎with ‎advanced ‎surveillance ‎tools, ‎enabling‏ ‎them‏ ‎to ‎acquire‏ ‎capabilities ‎they‏ ‎would ‎otherwise ‎struggle ‎to ‎obtain.

📌The‏ ‎global‏ ‎spyware‏ ‎and ‎digital‏ ‎forensics ‎industry‏ ‎is ‎booming,‏ ‎with‏ ‎at ‎least‏ ‎65 ‎governments, ‎both ‎authoritarian ‎and‏ ‎democratic, ‎having‏ ‎contracted‏ ‎with ‎commercial ‎spyware‏ ‎vendors ‎as‏ ‎of ‎2020.

📌Spyware ‎can ‎be‏ ‎used‏ ‎to ‎acquire‏ ‎sensitive ‎data‏ ‎such ‎as ‎customers' ‎full ‎names,‏ ‎phone‏ ‎numbers, ‎addresses,‏ ‎proprietary ‎documentation,‏ ‎account ‎numbers, ‎card ‎numbers, ‎transaction‏ ‎histories,‏ ‎contracts,‏ ‎and ‎passwords

Acquisition‏ ‎Details:

📌Chinese, ‎Russian,‏ ‎and ‎North‏ ‎Korean‏ ‎state-sponsored ‎threat‏ ‎actors ‎are ‎behind ‎most ‎of‏ ‎the ‎observed‏ ‎campaigns‏ ‎targeting ‎various ‎industries‏ ‎in ‎Indonesia.

📌In‏ ‎May ‎2023, ‎the ‎LockBit‏ ‎Ransomware‏ ‎group ‎successfully‏ ‎compromised ‎Bank‏ ‎Syariah ‎Indonesia ‎(BSI), ‎a ‎subsidiary‏ ‎of‏ ‎the ‎state-owned‏ ‎enterprise ‎Bank‏ ‎Mandiri, ‎resulting ‎in ‎the ‎acquisition‏ ‎of‏ ‎1.5‏ ‎terabytes ‎of‏ ‎data.

📌The ‎global‏ ‎inventory ‎of‏ ‎commercial‏ ‎spyware ‎has‏ ‎seen ‎a ‎transition ‎from ‎older‏ ‎suppliers ‎like‏ ‎FinFisher‏ ‎and ‎Hacking ‎Team‏ ‎to ‎newer‏ ‎entrants ‎such ‎as ‎NSO‏ ‎Group,‏ ‎Cytrox, ‎and‏ ‎Candiru.

📌The ‎demand‏ ‎for ‎spyware ‎technology ‎remains ‎high,‏ ‎with‏ ‎government ‎clients‏ ‎and ‎private‏ ‎companies ‎driving ‎the ‎market.

Investigation ‎Progress:

📌The‏ ‎European‏ ‎Parliament‏ ‎has ‎set‏ ‎up ‎a‏ ‎committee ‎of‏ ‎inquiry‏ ‎to ‎investigate‏ ‎the ‎use ‎of ‎Pegasus ‎and‏ ‎equivalent ‎surveillance‏ ‎spyware.

📌The‏ ‎investigation ‎revealed ‎that‏ ‎at ‎least‏ ‎70 ‎governments ‎worldwide ‎have‏ ‎been‏ ‎targeted ‎by‏ ‎commercial ‎spyware,‏ ‎with ‎over ‎180 ‎journalists ‎identified‏ ‎as‏ ‎targets.

📌The ‎investigation‏ ‎also ‎found‏ ‎that ‎there ‎is ‎a ‎lot‏ ‎of‏ ‎surveillance‏ ‎industry ‎activity‏ ‎in ‎Cyprus‏ ‎involving ‎the‏ ‎same‏ ‎actors ‎that‏ ‎emerge ‎in ‎the ‎spyware ‎scandal.

📌The‏ ‎investigation ‎into‏ ‎the‏ ‎intrusion ‎of ‎Indonesian‏ ‎government ‎networks‏ ‎by ‎Mustang ‎Panda, ‎a‏ ‎Chinese‏ ‎threat ‎actor,‏ ‎is ‎ongoing,‏ ‎with ‎authorities ‎taking ‎steps ‎to‏ ‎identify‏ ‎and ‎clean‏ ‎the ‎infected‏ ‎systems. ‎However, ‎as ‎of ‎the‏ ‎last‏ ‎update,‏ ‎hosts ‎inside‏ ‎Indonesian ‎government‏ ‎networks ‎were‏ ‎still‏ ‎communicating ‎with‏ ‎the ‎Mustang ‎Panda ‎malware ‎servers