In relation to the previous alert NC4-ALR-2023-000004 dated 26 October 2023, the National Cyber Coordination and Command Centre (NC4) has observed that a threat actor has made an announcement to launch cyber attacks on Malaysian infrastructure in general, which, based on historical campaign data, include web defacement, stealing confidential documents, and network intrusion with or without insider help. In this regard, NC4 would like to remind System Administrators and Network Administrators to immediately implement adequate cyber security measures to ensure the systems and networks are secured at all times.
Possible information leakage includes personal identifying information (PII) and intellectual property (IP), web defacement, and service disruption.
All operating systems, web servers and online services.
NC4's recent cyber threat intelligence analysis has identified the "R00TK1T ISC CyberTeam" as the threat actor that recently announced their intention to initiate a campaign specifically targeting infrastructure in Malaysia via their Telegram channel on 26 January 2024. Although the exact date and duration of the attacks are unknown, it is believed that the threat actor was part of a retaliation team against the cyber campaign stemming from the Middle East conflict. Historical data reveals that the threat actor has previously targeted various sectors in multiple countries, including education, transportation, healthcare, telecommunications, and ICT services, by exploiting known vulnerabilities and enlisting the assistance of insider threats and disgruntled employees.
Considering the potential duration of this campaign, which could span several weeks, NC4 strongly advises all Malaysian organisations to implement essential preventive measures in order to safeguard against this attack. Failure to do so could result in operational disruptions and compromise the security of the organisation's infrastructure, data, and systems.
Organisations are advised to be vigilant and to take the following actions: