Follow the Cyber Threat Landscape

Get insights into real-world cyberattacks impacting national infrastructure—and what they mean for you and your organization.

Indonesia Faces Surge in Cyber Anomalies and Attacks, Data Reveals

Indonesia experienced a significant wave of cyber activity in 2024, characterized by an overwhelming number of traffic anomalies and specific, targeted threats, according to data from the Indonesia Cyber Security Landscape 2024. This surge underscores the growing vulnerability of national digital infrastructure, a concern highlighted by the recent high-profile attack on the Ministry of Home Affairs.

Alarming Traffic Anomalies Dominate Cyber Landscape

The total volume of traffic anomalies recorded in Indonesia during 2024 reached a staggering 330,527,636 incidents. The vast majority of this abnormal traffic was attributed to the Mirai Botnet, which alone accounted for 81,286,596 activities. Meanwhile, the country saw millions of specific malicious activities, including:

Phishing: The most prevalent attack type, recording 26,771,000 activities.
Advanced Persistent Threat (APT): Registered 2,487,041 activities.
Ransomware: Recorded 514,508 activities.

Critical Incidents and Data Leaks

Based on monitoring and Cyber Threat Intelligence results, the National Cyber and Crypto Agency (BSSN) has identified 241 suspected cyber incident leaks. Further darknet investigations uncovered 56,128,160 exposure findings that impacted the data of 461 public interest entities in Indonesia. In cases involving website damage, BSSN recorded 5,780 incidents that targeted several domains and 4,071 incidents specifically targeting online gambling websites. Furthermore, public complaints received by BSSN regarding phishing attacks in 2024 totaled 1,814. The sector grouping of these attacks is based on Presidential Regulation No. 82 of 2022 concerning the Protection of Vital Information Infrastructure (II).

High-Profile Attack on Ministry of Home Affairs

The severity of the cyber threat was underscored by a direct attack on the official website of the Ministry of Home Affairs (Kemendagri), www.kemendagri.go.id.

Service Refusal: Attempts to access the site around 20:40 local time resulted in an error message stating, "This site can't be reached www.kemendagri.go.id refused to connect".
Alleged Motive: The then Minister of Home Affairs, Tjahjo Kumolo, confirmed the incident, stating that based on his team's reports, the goal of the hack was allegedly "related to KPK aspirations".
Exploited Vulnerability: The security breach was suspected to have been initiated by exploiting a vulnerability within the system, potentially "through the port file transfer and/or through the port database".

This incident, alongside the overwhelming statistics on digital anomalies, highlights the pressing challenge Indonesia faces in securing its critical government and public sector digital assets against sophisticated and relentless cyber threats.

Cyber Attack Hits Indonesia’s Ministry of Home Affairs Website

The official website of Indonesia's Ministry of Home Affairs (Kemendagri), www.kemendagri.go.id, was recently targeted by a cyber attack, causing a significant disruption to the ministry's online presence. The incident was swiftly confirmed by the then Minister of Home Affairs, Tjahjo Kumolo.

Site Connectivity Refused

The attack resulted in accessibility issues for the primary government portal. At approximately 20:40 local time, attempts to visit the Kemendagri site were unsuccessful, with users being met with a clear error message: "This site can't be reached www.kemendagri.go.id refused to connect." This indicated that the core server or network infrastructure supporting the website had been compromised or taken offline as a result of the breach.

Alleged Motive Linked to KPK Aspirations

Minister Tjahjo Kumolo addressed the media regarding the incident, providing preliminary details on the potential motive behind the sophisticated attack. Based on reports compiled by his technical team, the Minister stated that the hack's objective was allegedly "related to KPK aspirations," connecting the digital intrusion to ongoing public debates or policy matters concerning the nation’s anti-corruption body, the Corruption...

Major IT Failure: National Data Center Disruption Paralyzes Indonesia’s Immigration System

The National Data Center (PDN), managed by the Ministry of Communication and Information Technology (Kominfo), has been hit by a significant system disruption, causing widespread governmental service interruptions across Indonesia. The most immediate and visible consequence is the complete paralysis of the electronic immigration system at several major international airports, most notably at Jakarta's Soekarno-Hatta International Airport (CGK).

The disruption, stemming from a core component of the country's data infrastructure, has affected various government data management facilities. Crucially, the system responsible for processing international arrivals and departures—a vital component of airport operations—has become inoperative.

Chaos at Soekarno-Hatta

Eyewitness accounts and the provided photographic evidence illustrate the chaotic scene at Soekarno-Hatta Airport. Passengers are being forced to navigate significantly extended immigration inspection queues due to the system failure. With automated processes non-functional, airport personnel are likely resorting to manual or backup verification procedures, dramatically increasing processing times. The resulting delays have caused massive bottlenecks in passenger flow, leading to:

Hours-long waits for travelers.
Missed connecting flights for transit passengers.
Operational headaches for airlines and airport management....

Alleged Data Leak of 700 Thousand Individuals Related to CPNS Selection, Hacker ‘DigitalGhost’ Claims Cyberattack

Indonesia's cybersecurity landscape is once again stirred by a data breach claim targeting sensitive information of prospective state civil servants. A hacker using the pseudonym DigitalGhost claims to have successfully leaked data belonging to 700,000 individuals who are participants in the Civil Servant Candidate Selection (CPNS) process at one of the ministries. This claim was first announced via the social media account X (formerly Twitter) with the handle @H4ckmanac.

Sensitive Data at Risk

The data claimed to have been stolen by DigitalGhost is highly specific and sensitive because it is directly related to the identity of the participants and the history of the state recruitment process. According to the post, the leaked information allegedly includes:

NIK (National Identity Number)
Selection participant number
Full name
Exam session date and location
Applied job position
Assigned department

Potential Danger to Victims

A data breach encompassing NIK and full names is highly susceptible to misuse for various criminal acts, ranging from fraud (phishing), creation of illegal online loan accounts, to scams impersonating government institutions. Moreover, this data also contains...

Full Chronology of BSI Crisis, From Mass Outage to $20 Million Ransom Demand

PT Bank Syariah Indonesia Tbk (BSI) experienced a digital service disruption that began on Monday (May 8, 2023). Although services were initially claimed to be restored, some customers continued to face issues. Subsequently, the LockBit hacker group allegedly breached millions of BSI customer data, leaked the information on the dark web, and demanded a ransom of Rp 295.61 billion (approximately $20 million) for the bank to redeem the customer data. Here is the complete chronological sequence of the crisis faced by BSI:

1. Initial Disruption and Maintenance Claim (May 8–10)

The service outage was first reported by customers on Monday (May 8) morning, paralyzing all BSI transaction channels, including BSI Mobile, ATM machines, and tellers. Initially, BSI management stated the error was caused by system maintenance and on Tuesday (May 9), claimed that services were gradually recovering, with approximately 1,200 ATMs restored. However, on Wednesday (May 10), monitoring showed that BSI Mobile was not 100% normal and continued to experience frequent errors or time outs.

2. Acknowledgment of Suspected Cyberattack (May 11)

On Thursday (May...

Bank Indonesia Hacked: Several Data Targeted, Payment System Secured

The data system of Bank Indonesia (BI) was allegedly attacked using Conti ransomware by a Russian-based hacking group. Data totaling 487.09 MB was successfully breached and stolen by the hackers. BI's Head of Communications Department, Erwin Haryono, confirmed the case, stating that BI was affected by a cyberattack last month. However, Haryono did not specify which BI system was successfully breached.

Several Data Points Targeted by Russian Perpetrators

The Conti website displayed 16 file folders containing various types of data, ranging from community savings positions in rupiah, commercial bank foreign exchange (forex), to receipts (bon). Bank Indonesia stated that this data is part of the Indonesian Economic and Financial Statistics which is publicly available and accessible on BI's website.

Conti is a ransomware operated by the Wizard Spider hacking group, based in Russia. This malware can steal or lock victim data until a ransom is paid, typically in cryptocurrency such as Bitcoin. It is currently unknown whether the hackers demanded a ransom from Bank Indonesia.

Payment System Confirmed to Remain Secure

Erwin Haryono assured that...

The Leak of 1.3 Million eHAC Data: Why It Happened and the Danger to Patients

Millions of health records belonging to Indonesian citizens have been leaked again. At the end of August, about 1.3 million user records from the Health Alert Card (eHAC) application made by the Indonesian Ministry of Health, which contained COVID-19 data, were breached. The perpetrator is unknown.

Three months earlier, data belonging to 279 million Indonesian citizens collected by the Healthcare Social Security Administering Body (BPJS Kesehatan) was also leaked. This data was traded on raidforum.com. If this figure is accurate, it would be a new record for the largest health data breach case globally.

These two cases alone indicate that the level of data security in Indonesia is very weak. Moreover, health data is a type of personal data that is specific, sensitive, and confidential, and must be protected. When complex health data is digitized and moved across organizational boundaries and health systems, we are faced with major questions about the level of security and confidentiality of health data in Indonesia, and what the priority of the government and citizens should be...