The internal networks of ten of Indonesia’s government organizations, including the country’s intelligence agency Badan Intelijen Negara (BIN), were allegedly breached by hackers originating from China, according to a report by cybersecurity news publication, The Record.

Insikt Group, the threat research division of cybersecurity company Recorded Future, discovered the breach in April. The intrusion is suspected to be linked to a hacker group called Mustang Panda, which is also known as Bronze President, HoneyMyte, and Red Lich. Insikt’s researchers detected Mustang Panda-operated command and control servers that utilize PlugX malware communicating with hosts inside the networks of Indonesia’s government agencies since March 2021. PlugX is a trojan that grants remote access and control over an infected device.

The researchers notified Indonesian authorities, including BIN, in June and July but received no response. However, authorities took steps to identify and cleanse the infected systems in August, according to a source who spoke to The Record.

Mustang Panda has been an active cybersecurity threat since at least 2017. The hacker group allegedly targets telco companies based in Southeast Asia, Europe, and the United States, with a strong interest in enterprises in Germany and Vietnam, according to a report by McAfee. The group aims to gain access to the telcos’ internal networks to steal sensitive information related to 5G technology. In June, the same group was a suspect in a hack of the website of the Myanmar president’s office. Specifically, it hid a trojan in a font package that was available for download on the site.

Responding to Mustang Panda’s activity in Indonesian cyberspace, IT minister Johnny G Plate said that his ministry will work with the National Cyber and Encryption Agency (BSSN) to investigate the alleged breach. “Information like this needs to be checked. There is a code of conduct and procedures we need to take [for investigation],” he told local media outlet Detik.

Last month, researchers of cybersecurity firm vpnMentor reported that the personal data of 1.3 million users of the country’s electronic Health Alert Card, or eHAC “test and trace” program, was purportedly exposed when it was stored on an open server due to poor data privacy protocols. After the report was released, BSSN said no eHAC data was leaked and sold on the dark web. Even so, the agency acknowledged that it had found a vulnerability on eHAC’s partner platform and authorities had quickly patched the system.

Check this out: Data leaks hit Indonesia’s tech scene