Numerous cyber-attacks have taken place in recent times. Looking across these attack campaigns, a pattern can be spotted. Threat actors first breach an organization's system and access critical files through loopholes. After that, the system is exposed to the hackers.
Targeting a Military
In recent times, hackers have been targeting private companies. Victims like Garmin ended up paying millions of dollars in ransom to regain access to critical systems. Now, however, it appears that hackers have targeted a government entity. The Royal Malaysian Navy is the latest victim of a ransomware attack.
Media reported that about 70 documents belonging to the Malaysian Navy were accessed. Unknown hackers then uploaded the files to different dark-net platforms.
The Straits Times, Singapore's English newspaper, released a report. The report claims that different threat actors breached different communication channels. Different files were accessed through different communication channels and even personnel emails.
The newspaper was uncertain about the hackers' plans. It was unclear if the threat actors intended to sell the documents or just make them public for free. It was revealed that the documents were about the Malaysian Navy's strength concerns.
The leaked documents contained a lot of valuable data. Information about military personnel at the naval bases was leaked. One document even listed officials who are corrupt or being punished for drugs.
The Straits Times further reported on the dark-net portal involved in the leaks. All the leaked documents were uploaded to a dark-net portal. A study of that portal revealed that documents belonging to foreign entities were also leaked. Hackers reportedly targeted and accessed email accounts belonging to foreign officials.
The other documents belong to the Nigerian Navy and Army. Some documents from the U.S. Air Force were also published on the portal.
Among the leaked documents was one with high diplomatic significance. A letter from July 2019 about a U.S. Navy vessel at a Malaysian port was among the documents leaked. The letter contained technical details about the ship's radar and communication frequencies.
For its report, the newspaper also contacted cyber-security and intelligence experts about the case. Many experts noted the similar nature of this data breach to other data breaches. They also mentioned that a large number of similar attacks occur all the time.
Mikko Niemela, CEO of Cyber Intelligence House, commented on the attacks. He noted that leaked documents such as those belonging to the Malaysian Navy are usually sold. He said that threat actors tend to upload such data on dark-net markets and exchange it for bitcoin.
The reason all stolen document sales are crypto-enabled is anonymity. Buyers and sellers who exist on the dark-net need to ensure their anonymity. For this reason, almost all higher-profile data leaks occur on the dark-net.
It is worth mentioning that some hackers choose to make data public and not charge money for it. This is usually done as ransom or to expose something inhumane.
Leaked Documents Called Obsolete
In a statement published on August 17th, the Malaysian Navy acknowledged the cyber-attacks. The Navy confirmed its knowledge about the data leak. The Malaysian Navy also mentioned that the military has started an investigation.
Despite the investigation, the Navy insisted that the documents leaked were not critical. The military released a statement claiming that all the documents leaked were outdated. They also mentioned that the data breach did not affect operations in any way.
The statement mentioned that the Navy's information and communication systems are intact. The Malaysian Armed Forces Headquarters and Cyber Defense Operations Center are on alert. All the technological systems are being closely monitored by the military.