
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 2,058 of 2,445   
   Mike Powell to All   
   Indonesian cybercrime net   
   09 Dec 25 09:05:56   
   
   TZUTC: -0500   
   MSGID: 1815.consprcy@1:2320/105 2d9d69db   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   National cybercrime network operating for 14 years dismantled in Indonesia   
      
   Date:   
   Mon, 08 Dec 2025 19:15:00 +0000   
      
   Description:   
   A large network of domains, malware, and stolen credentials, has been making   
   rounds for 14 years.   
      
   FULL STORY   
      
   Security researchers have uncovered enormous cybercrime infrastructure in   
   Indonesia that's been operating unabated for more than 14 years.
      
   The length of the operation, the domains included, the malware circulated,    
   and the data being sold on the black market, were all so big that the   
   researchers - Malanta.ai - said the campaign resembles a nation-state    
   campaign more than that of simple cybercriminals.    
      
   "What began as simple gambling websites has evolved into a global,
   well-funded, sophisticated, state-sponsored-level attack infrastructure
   operating across web, cloud, and mobile," Malanta said in a recently published
   blog.
      
   Is the government involved?   
      
   As per the report, the operation had been active since at least 2011. The   
   operators controlled more than 320,000 domains, including over 90,000 hacked   
   and hijacked ones. They also controlled over 1,400 compromised subdomains,    
   and 236,000 purchased ones - all used to redirect users to illegal gambling   
   platforms.    
      
   To make matters worse, some of the compromised subdomains were on government   
   and enterprise servers. In some instances, the threat actors deployed   
   NGINX-based reverse proxies to kill TLS connections on legitimate government   
   domain names, thus hiding their C2 traffic as legitimate government comms.    
      
   Then, there is the malware ecosystem - the researchers found thousands of   
   malicious Android applications, distributed through public infrastructure   
   (Amazon Web Services S3 buckets).    
      
   These apps served as droppers, posing as legitimate gambling platforms while   
   deploying malware that granted full access to the compromised devices in the   
   background. The backdoors were getting their commands straight from another   
   piece of public infrastructure - Google's Firebase Cloud Messaging service.
      
   This resulted in more than 50,000 stolen login credentials from gambling   
   platforms, countless infected Android devices, and hijacked subdomains
   circulating the dark web.    
      
   "What if this ecosystem isn't simply cybercrime?" the researchers speculated.
      
   Normally, the scope, scale, and financial backing behind this infrastructure   
   align far more closely with the capabilities typically associated with   
   state-sponsored threat actors.    
      
    Via Cybersecuritynews    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/national-cybercrime-network-operating-for-14-years-dismantled-in-indonesia
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca