Malaysian operator Maxis has reportedly been hit by a cyberattack from an international hacking group that claims to have stolen internal data and posted it on the dark web.
On Monday, according to the Soya Cincau website, the R00TK1T ISC Cyber Team posted several screenshots purported to show a backend system belonging to Maxis. The group said it would start releasing Maxis customer data over the following few days.
Later on Monday, Maxis said in a statement that it was investigating the claim.
“While we did not identify anything related to our own systems, we identified a suspected incident involving unauthorised access to one of our third-party vendor systems that resides outside of Maxis’ internal network environment,” the telco said. “We are working with them to investigate further and have also informed the relevant authorities.”
Maxis didn’t name the third-party vendor, or say whether the incident was related to the claims made by R00TK1T.
On Tuesday, according to Cyber Express, R00TK1T posted details of the alleged cyberattack on the dark web and on its Telegram channel. The group claimed to have used a compromised single sign-on user account to access a FortiGate firewall, which in turn gave it access to sensitive Maxis employee data, including employee IDs, names, business emails, and work locations at Maxis retail stores.
R00TK1T also posted stolen Maxis data such as “MAC addresses, connection details on the Maxis Wi-Fi network, and administrative access to the Maxis Interactive Retail Assistant (MIRA) dashboard”, the Cyber Express report said.
R00TK1T said it would continue to release data until Maxis publicly admits that it was breached. Maxis had not responded to the latest claims at the time of publication.
The Maxis cyberattack is part of a broader campaign by R00TK1T, which issued a statement on January 26 announcing its intention to attack Malaysia’s digital infrastructure. Since then, the group has claimed to have successfully hacked Malaysian network solutions and system integrator Aminia and online education website YouTutor.
On January 30, Malaysia's National Cyber Coordination and Command Centre (NC4) issued an alert warning all Malaysian organisations to implement essential preventive measures to safeguard against attacks.
NC4 also said it believes R00TK1T is "part of a retaliation team against the cyber campaign stemming from the Middle East conflict. Historical data reveals that the threat actor has previously targeted various sectors in multiple countries, including education, transportation, healthcare, telecommunications, and ICT services, by exploiting known vulnerabilities and enlisting the assistance of insider threats and disgruntled employees."
NC4 also advised that the R00TK1T campaign could last for several weeks.