Reading:
Why are Threat Actors Targeting Indonesia?

Why are Threat Actors Targeting Indonesia?

September 16, 2022

On September 3, Indonesia hiked fuel prices by 30%, stating that petrol and diesel prices are still low by world standards, but subsidies are unsustainable. On the other hand, in the background of political decisions in Indonesia, many citizens are against and protest the present government. Therefore, this rise in fuel prices has caused people from distinct minorities to protest the government. Lately, university students, workers, and people with conservative beliefs have acted against this decision and have been protesting the government.

University students protesting the government with the hike in subsidized fuel prices in Jakar, Indonesia
University students protesting the government with the hike in subsidized fuel prices in Jakar, Indonesia

Indonesia is Becoming a Target in Cyberspace 

With all the political drama Indonesia has found itself in, a threat actor with the nickname “Bjorka” has begun publishing leaks of Indonesian enterprises, some of which belong to government agencies.

Bjorka’s BreachForums posts targeting Indonesian enterprises
Bjorka’s BreachForums posts targeting Indonesian enterprises

Bjorka’s posts include database leaks of a private internet service provider and communication company, database leaks of an Indonesian e-commerce company, phone number data belonging to Indonesian citizens, a database including citizenship information of Indonesians, and sensitive data belonging to the Indonesian government. 

In some posts, Bjorka tried to sell the leaked data, whereas, in other posts, the threat actor simply shared the leaks without wanting anything in return. 

Active on Both Twitter and Telegram 

In addition to BreachForums, Bjorka has also been highly active on both Twitter and Telegram, attracting the attention of Indonesian people and quickly becoming famous. Even though Bjorka’s accounts were suspended multiple times, Bjorka has continued to create new accounts and pursue his objectives.

Screenshot of Bjorka’s suspended Twitter account
Screenshot of Bjorka’s suspended Twitter account

With his posts and leaks against the Indonesian government, Bjorka has become a folk hero of Indonesians. Bjorka has become very popular, and many Indonesians have been following Bjorka’s activities against their government.

One of Bjorka’s suspended Telegram groups
One of Bjorka’s suspended Telegram groups

Following the Footsteps of Bjorka 

In addition to Bjorka, many other threat actors have begun leaking sensitive data belonging to Indonesian companies. The following post includes the leak of private documents and complete databases of the Research and Development Center of the Indonesian National Police.

BreachedForums post including the leak of national police private documents and databases
BreachedForums post, including the leak of national police private documents and databases

Why Indonesians are Supporting Bjorka?

Since many citizens are against the government and the government’s political decisions, Indonesians have started supporting cyber activities opposing the government. Bjorka has been the number one threat actor carrying out the leaks, and below, you can see a screenshot of a BreachForums user declaring why Indonesians are supporting Bjorka. In the post, the user states that the government officials are incompetent and the security systems of ministries are weak.

BreachForums post that shows the support for Bjorka and its activities against the Indonesia government
BreachForums post that shows the support for Bjorka and its activities against the Indonesia government

Some People are not Happy About the Cyber Attacks 

Although many citizens have supported Bjorka, some are against Bjorka and all these cyber attacks. These people state that even though Bjorka has stood by the Indonesian people, Bjorka and other threat actors are still criminals, causing the Indonesian people’s sensitive data to get leaked. As in the following post, a BreachForums user criticizes people who idolize and support Bjorka.

BreachForums post criticizing Bjorka supporters
BreachForums post criticizing Bjorka supporters

Recommendations for Indonesian Companies 

We have seen that following Bjorka, multiple threat actors have started targeting Indonesian companies. SOCRadar CTIA team suggests that even though threat actors mainly target governmental organizations, private companies should look out for potential cyber-attacks. 

  • Companies should follow data leaks to detect leaks belonging to their organization. 
  • Companies should be ready to take action quickly in case of a data breach. It is crucial to reduce incident response time to minimize the damage in the aftermath of a cyberattack. 
  • In the aftermath of a breach, users and customers should be notified since the leaked data could result in more breaches. 
  • Companies should consider that threat actors could use the leaked data to carry out more cyber attacks. Companies should take precautions to prevent more breaches.


References:

[1] https://www.channelnewsasia.com/asia/indonesia-fuel-price-hike-protests-jakarta-subsidies-2922496