Investigation uncovers substantial spyware exports to Indonesia
Spyware Capabilities:
📌Spyware operations can be categorized into national in-house operations and commercial spyware sold for profit to government and private clients.
📌Commercial spyware provides governments with advanced surveillance tools, enabling them to acquire capabilities they would otherwise struggle to obtain.
📌The global spyware and digital forensics industry is booming, with at least 65 governments, both authoritarian and democratic, having contracted with commercial spyware vendors as of 2020.
📌Spyware can be used to acquire sensitive data such as customers' full names, phone numbers, addresses, proprietary documentation, account numbers, card numbers, transaction histories, contracts, and passwords.
Acquisition Details:
📌Chinese, Russian, and North Korean state-sponsored threat actors are behind most of the observed campaigns targeting various industries in Indonesia.
📌In May 2023, the LockBit Ransomware group successfully compromised Bank Syariah Indonesia (BSI), a subsidiary of the state-owned enterprise Bank Mandiri, resulting in the acquisition of 1.5 terabytes of data.
📌The global inventory of commercial spyware has seen a transition from older suppliers like FinFisher and Hacking Team to newer entrants such as NSO Group, Cytrox, and Candiru.
📌The demand for spyware technology remains high, with government clients and private companies driving the market.
Investigation Progress:
📌The European Parliament has set up a committee of inquiry to investigate the use of Pegasus and equivalent surveillance spyware.
📌The investigation revealed that at least 70 governments worldwide have been targeted by commercial spyware, with over 180 journalists identified as targets.
📌The investigation also found a lot of surveillance industry activity in Cyprus, involving the same actors that appear in the spyware scandal.
📌The investigation into the intrusion of Indonesian government networks by Mustang Panda, a Chinese threat actor, is ongoing, with authorities taking steps to identify and clean the infected systems. However, as of the last update, hosts inside Indonesian government networks were still communicating with the Mustang Panda malware servers.