Indonesian Ministry of Health Suffers Data Breach, Credentials and INA-CBG System Hacked

On September 17, 2023, AnonGhost, a prominent hacktivist group known for its frequent hacktivism campaigns, claimed responsibility for a cyber intrusion into the official website of the Republic of Indonesia's Ministry of Health, commonly referred to as "Kementerian Kesehatan Republik Indonesia" or "Kemkes."

Contained within the data shared on AnonGhost's pastebin were SSH access credentials and web server configurations related to the INA-CBG (Indonesia Case-Based Groups) website affiliated with the Ministry of Health. However, the exact source of the breach remains uncertain, as the data provided includes requests made to the PHP info page of the Kemkes subdomain.

Figure 1: Credentials of Kemkes INA-CBG

The data shared by the threat actor, as uncovered by Cyber Defense Insight, reveals unauthorized access to the internal SSH infrastructure of Kemkes and poses a severe and imminent threat to the affected organization. This breach underscores the vulnerability of critical internal systems and the potential for significant harm, including data breaches and the compromise of sensitive information, to the impacted entity.

It is crucial to note that the Ministry of Health (Kemkes) has experienced multiple data breaches in the past, making the security of their server infrastructure a matter of significant concern. This recent breach is reminiscent of earlier incidents, including the posting of Kemkes' database on a hacking forum in 2022, exposing a staggering 23 million antigen-related records. In 2023, a breach also occurred at the Covid-19 Yankees Directorate within a Manado hospital.

This recurring pattern of security breaches should serve as a valuable lesson, prompting the Ministry of Health to take proactive measures to fortify their systems and address any vulnerabilities that threat actors may exploit.

By highlighting these events and emphasizing the importance of enhanced cybersecurity measures, we aim to raise awareness within the organization and among the public, ultimately contributing to a more secure digital environment.