Pro-Israel Hacktivists Target Malaysian Telecom Giant Maxis
Maxis Says Cyberattack Only Compromised a Third-Party Vendor's Website
A pro-Israel hacktivist group breached Malaysian telecom giant Maxis as part of a broader campaign to target organizations in Malaysia because of the country's stance on the Middle East conflict.
The hacktivist group, which calls itself the R00TK1T ISC Cyber Team, claimed on its Telegram channel that it had breached the telecommunications company on Monday, infiltrated the systems and gained access to "a treasure trove of customer data."
The group posted several messages on its Telegram channel, threatening to continue releasing the stolen data until Maxis issued a public statement confirming that it had been breached. The company complied on Tuesday, but it said that the hackers had accessed a third-party vendor's systems.
"While we did not identify anything related to our own systems, we identified a suspected incident involving unauthorized access to one of our third-party vendor systems that resides outside of Maxis' internal network environment," the company said in a statement shared with local media.
R00TK1T rejected the telco's statement and said it will continue to leak compromised data until the company speaks the truth. "Despite our repeated warnings, Maxis has shamelessly denied any compromise of their systems. But let it be known that our attack teams are relentless, and we will not rest until justice is served," the group said.
The group announced its intent to target Malaysian government and private organizations in response to the country's alleged involvement in cyberwarfare in the Middle East. "They provide sanctuary to those who perpetrate terror and engage in cyber warfare in Middle East conflict. Such treachery cannot go unpunished," the group said.
R00TK1T claimed responsibility for breaching Malaysian telecom and oil palm plantation company Aminia on Jan. 30 and gaining access to a large amount of information. In a Telegram post, the group shared screenshots of Aminia's web server login page and the company's back-end system.
R00TK1T also announced on Saturday that it had breached the website of popular online learning platform Yoututor and accessed personal information.
The Malaysian government's National Cyber Coordination and Command Center recently issued a "heightened alert" to organizations, concerning the hacktivist group's activities. "NC4's recent cyber threat intelligence analysis identified the 'R00TK1T ISC CyberTeam' as the threat actor that recently announced their intention to initiate a campaign specifically targeting infrastructure in Malaysia," it said.
NC4 said the hacktivist group was "part of a retaliation team against the cyber campaign stemming from the Middle East conflict" and has "previously targeted various sectors in multiple countries, including education, transportation, healthcare, telecommunications and ICT services, by exploiting known vulnerabilities and enlisting the assistance of insider threats and disgruntled employees."
While R00TK1T claims these most recent attacks were motivated by hacktivism, the group has targeted major corporations to promote its own capabilities. It claimed on Tuesday to have breached information technology giant Dell's internal systems and gained access to the company's confidential data. "This achievement serves as a testament to our expertise and audacity. Our mission is to expose the flaws in corporate security, reminding the world that no organization is safe from our prying eyes," it said.