When we speak about the numerous cyberattacks that have been orchestrated in brazen campaigns of late, one thing stands out – threat actors breach an organization’s system to access critical files through a loophole, which then exposes the entire system to the attackers.
Although recent times have seen the hacking of victims such as Garmin, which ended up parting with millions of dollars for ransom, it appears that threat actors have not restricted their sights to private sector entities – the Royal Malaysian Navy is the latest victim.
Media reports have intimated that about 70 documents belonging to the Malaysian Navy were accessed by unknown hackers who uploaded them to a darknet platform.
According to Singapore’s English-language daily newspaper The Straits Times, it turns out that the affected documents were sourced from different threat actors who breached the communication channels belonging to the Malaysian military – including personnel email accounts.
While the newspaper reported uncertainty as to whether the hackers intended to sell the uploaded documents, it was revealed that the affected information touched on details concerning the strength of the Malaysian Navy.
The documents bore information about the number of soldiers deployed to Malaysian naval and army bases in 2019 during a public holiday, and a list of senior and junior-ranking military officials said to be undisciplined, using drugs or implicated in corruption cases.
Further, The Straits Times reported that its study of the dark web portal involved in the cyber leak revealed that the hackers had also uploaded documents belonging to foreign entities – which were reportedly accessed by hackers who targeted the email accounts belonging to foreign officials.
Specifically, the other documents are said to belong to the Nigerian Navy, the Army and Air Force of the United States, and a host of defense contractors.
It turns out that a July 2019 letter of U.S. diplomatic significance was among the leaked documents – with investigating parties noting that the letter was meant to ask for the berthing of a U.S. Navy vessel at a Malaysian port. The letter had technical details concerning the ship’s radar system and frequencies used by its communication equipment.
The media report also drew on the opinions of security and intelligence pundits on the matter, with a number of experts noting the common nature of similar data breaches across various spheres.
According to Mikko Niemela, Chief Executive for Cyber Intelligence House, leaked documents such as those belonging to the Malaysian Navy are usually posted on dark web forums and markets where interested buyers may obtain the data in exchange for Bitcoin.
The purpose of crypto-enabled sales of stolen documents is to ensure the anonymity of buyers and sellers who operate on darknet platforms that specialize in cybercriminal merchandise. It is for this reason that almost all high-profile data leaks have resulted in victim data being uploaded to the dark web.
However, it is worth noting that some threat actors choose to share leaked data for free as opposed to pursuing huge ransom payouts from target victims.
Documents Obsolete, Navy Says
In an August 17 press statement, the Malaysian Navy acknowledged reports of the cyberattack by confirming its knowledge of the data leak. It also claimed that the military has begun investigating the matter to figure out the cause and source of the attack.
Nonetheless, the Navy insisted that the documents that were affected were not critical – and thus the cyberattack did not hamper military operations to any degree.
The statement spelled out that the Royal Malaysian Navy’s critical information and communication technology system is so far intact, as the Malaysian Armed Forces Headquarters’ Cyber Defense Operations Center monitors the situation closely.