Indonesia’s civil aviation authority has alleged suffered a massive security breach where a threat actor has claimed to have accessed critical data related to handling of air traffic in the country. The Indonesian civil aviation data breached was allegedly orchestrated by a threat actor, operating under the alias, “Hacker Mail”. The threat actor has alleged exfiltrated more than 3GB of database which includes all employees and passwords for all applications, website user data, ID card photo data for all employees, drone pilot certificate participants, and flight data related to aircraft, pilot’s personal data, as well as all other activities in Indonesian airports.

Decoding Indonesian Civil Aviation Data Breach

The threat actor’s post on hacking site Breachforums, stated that the exfiltration of data occurred on June 27,2024. In his post, the hacker stated, “The Directorate General of Civil Aviation (DGCA) is an element that implements some of the duties and functions of the Indonesian Ministry of Transportation, which is under and responsible to the Minister of Transportation. The Directorate General of Civil Aviation is led by the Director General. The Directorate General of Civil Aviation has the task of formulating and implementing policies and technical standardization in the field of air transportation. The Directorate General of Civil Aviation handles the administration and management of civil aviation within the Unitary State of the Republic of Indonesia.” To substantiate the data breach claim, the threat actor attached the following sample records.

• User log for small, unmanned aircraft certificates, remote pilot certificate and unmanned aircraft operation approval.

In this sample of data leak, the cyberattacker has claimed to  expose sensitive personal information of pilots, IP address used to login and date and time of login. The data is for users who logged in to one of the applications of the DGCA on 08/15/2022 and 08/16/2022.

• Sample chats which probably refer to communication of DGCA employees with pilots on 04/13/2022
• ID card photo data for all employees
• Userrname and password of employees who logged on to a DGCA application

Despite these high-profile declarations, a closer inspection reveals that Indonesia’s DGCA website is currently functioning normally, showing no signs of a security breach. The Cyber Express has reached out to the DGCA officials to verify the alleged cyberattack. The authorities too are yet to release an official statement or response regarding the reported data breach, leaving the claims unverified as of now. The article too would be updated if any information is provided by the officials.

Indonesia Battles Three Major Cyberattack Claims in One Week

Hackers have recently carried out allegedly three major cyberattacks on key Indonesian establishments. Last week, a ransomware attack on Indonesia’s national data center has disrupted official government services including immigration services at airports. The attack has reportedly affected more than 200 government agencies at national and regional levels. The attack was carried out by LockBit 3.0 ransomware, a variant known for encrypting victims’ data and demanding payment for its release. The attackers had offered a decryption key in exchange for an $8 million ransom. The AFP however reported that the Indonesian government though refused to pay the ransom but admitted that the cyberattack would have been rendered useless if there was a backup to the main server. Earlier this week, a hacker “MoonzHaxor” had claimed to have breached Indonesian Military's (TNI) Strategic Intelligence Agency (Bais) and offered to sell this data for $1,000 USD. The same hacker had announced breaching Indonesia's Automatic Finger Identification System (Inafis) owned by the National Police (Polri). The data reportedly includes fingerprint images, email addresses, and SpringBoot application configurations. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Credit Suisse, a global investment bank and financial services firm, has reportedly fallen victim to a cyberattack. The Credit Suisse data breach was allegedly masterminded by a threat actor (TA), operating under the alias “888,” on the data hack site BreachForums. The TA claims to have accessed highly sensitive data of the bank and posted it on the dark web marketplace. According to the the threat actor, the data breach contains personal information of about 19,000 of the bank’s Indian employees.

Credit Suisse Data Breach Details

Credit Suisse was founded in 1856 and has approximately $15.21 Billion in revenue. It is one of the leading institutions in private banking and asset management, with strong expertise in investment banking. On June 25, 2024, the threat actor claimed to have carried out a cyberattack on the bank and exfiltrated details on 19,000 of its users. [caption id="attachment_79024" align="alignnone" width="1622"] Source: X[/caption] The breached data purportedly includes names of employees, 6,623 unique email addresses, their codes, date of birth, gender, policy name, relationships, dates of joining, effective dates, statuses, and entities. To substantiate the claim, the threat actor 888 provided a sample of the data breach, which contains details of Credit Suisse employees in India. [caption id="attachment_79025" align="alignnone" width="1362"] Source: X[/caption] The TA, however, did not provide a specific price for the sale of data and has requested potential buyers to quote a figure. The hacker commented that they are only accepting cryptocurrency as the mode of payment. More specifically, the hacker was open to payment on Monero (XMR), a digital currency renowned for its privacy and anonymity attributes. This method of payment is often utilized in illegal transactions to evade detection. Despite these claims by the threat actor, a closer inspection reveals that the bank’s website is currently functioning normally, showing no signs of a security breach. The Cyber Express has reached out to the bank to verify the alleged cyberattack. As of now, no official statements or responses have been received, leaving the claims unverified.

Not the First Credit Suisse Data Breach

This is not the first time that Credit Suisse has been involved in a security breach. According to a report published in The Economic Times, in 2023, the bank warned its staff that a former employee stole personal data of its employees, including salaries and bonuses. The information included salary and "variable compensation" for a period between 2013 and 2015. Another Bloomberg report said that a data breach in 2023 impacted numerous former Credit Suisse clients who collectively held a staggering $100 billion in accounts.

Credit Suisse Hacker Targeted Big Multinationals Recently

There are many concerns over the potential misuse of sensitive information found in the data breach, which includes customer names, dates of birth, and relationships. Credit Suisse should investigate the data breach claims considering the history of the threat actor. Earlier this month, the TA 888 claimed to have stolen data of over 32,000 current and former employees of Accenture. The company, however, denied the claims and said that the data set published by the hacker had only three employee names and email addresses. The hacker also claimed responsibility for leaking details about 8,174 employees of Heineken across several countries. Prior to this, 888 also staked claims for an attack on oil and gas multinational Shell.  The TA posted sample information sharing personal details of Australian customers. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.