PT KAI Indonesia Suffers Major Cyber Attack from STORMOUS, Data Breach Feared

On January 14, 2024, PT KAI Indonesia, the state-owned railway operator, was named as the victim of a cyber attack claimed by the STORMOUS ransomware group, acting together with The Five Families alliance. The threat actors claimed to have breached the company's defenses and gained access to a trove of sensitive data, including login portal details and corporate documents.

STORMOUS described its claimed intrusion path: entry into PT KAI's internal network through the company's private VPN using multiple compromised employee accounts. From there, the actors say they moved through dashboards, internal systems, data warehouses and network access points, downloading a large volume of company data. The data types listed in the claim include employee information, customer details, railway tax records, company projects, internal system data, corporate notes, Geographic Information System (GIS) data, exchange system details, railway cargo information, and more.

Figure 1: Claimed evidence of VPN access to PT KAI

The claim has not been independently verified, but if accurate, the most serious element is the breadth of access that working VPN credentials gave the actors. Several compromised employee accounts rather than a single exploited gateway points to credential theft: spear-phishing of employees, malware delivered through phishing, or, more simply, credentials harvested by infostealer malware and bought as stealer logs in the cyber underground. The stealer-log route is the one to rule out first, because it needs no interaction with the target at all and is largely neutralized by multi-factor authentication on the VPN gateway.
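Whichever of those routes was used, the VPN authentication log is where the evidence lands. The script below is an added example, not part of the original report and not PT KAI's code or data: it hunts a constructed, generic VPN auth log for two signals that follow from the access path described above, one source IP authenticating as several distinct accounts in a short window (bulk replay of purchased credentials), and successful logins from a country an account has never used before. The log format, user names, hostnames and IP addresses are all assumptions made up for the example.

```python
"""Hunt for VPN sign-ins that look like replayed stolen credentials.

Two signals follow from the access path described above:
  1. one source IP authenticating as several distinct accounts in a short
     window (stealer logs are usually replayed in bulk), and
  2. a successful login from a country an account has never used before.
The log format, user names and IPs are all constructed for this example;
nothing here is PT KAI data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; IPs are from documentation ranges (RFC 5737).
SAMPLE_LOG = """\
2024-01-13T22:01:10Z vpn auth user=a.wijaya src=203.0.113.7 country=ID result=success
2024-01-13T22:02:44Z vpn auth user=b.santoso src=203.0.113.9 country=ID result=success
2024-01-13T22:05:00Z vpn auth user=c.putri src=203.0.113.12 country=ID result=success
2024-01-14T02:10:01Z vpn auth user=a.wijaya src=198.51.100.21 country=NL result=success
2024-01-14T02:10:35Z vpn auth user=b.santoso src=198.51.100.21 country=NL result=failure
2024-01-14T02:11:02Z vpn auth user=c.putri src=198.51.100.21 country=NL result=success
2024-01-14T02:11:40Z vpn auth user=d.rahman src=198.51.100.21 country=NL result=success
2024-01-14T09:00:00Z vpn auth user=c.putri src=203.0.113.12 country=ID result=success
"""

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"country=(?P<country>[A-Z]{2}) result=(?P<result>success|failure)$"
)


def parse(log_text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
        events.append(ev)
    return events


def multi_account_sources(events, window=timedelta(minutes=10), min_accounts=3):
    """Return {src_ip: [users]} for IPs that tried >= min_accounts distinct
    accounts (successes and failures both count) within any `window`."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            users = {e["user"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(users) >= min_accounts:
                flagged[src] = sorted(users)
                break
    return flagged


def new_country_logins(events, cutoff):
    """Return [(user, country)] for successful logins at or after `cutoff`
    (ISO timestamp string) from a country absent from that user's earlier
    successful logins. Users with no history before the cutoff are flagged
    too: an account first seen inside the incident window deserves a look
    rather than being silently accepted as its own baseline."""
    cutoff_ts = datetime.strptime(cutoff, TS_FMT)
    baseline = defaultdict(set)
    for ev in events:
        if ev["result"] == "success" and ev["ts"] < cutoff_ts:
            baseline[ev["user"]].add(ev["country"])
    hits = []
    for ev in sorted(events, key=lambda e: (e["ts"], e["user"])):
        if ev["result"] != "success" or ev["ts"] < cutoff_ts:
            continue
        if ev["country"] not in baseline[ev["user"]]:
            hits.append((ev["user"], ev["country"]))
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("bulk-replay sources:", multi_account_sources(evs))
    print("new-country logins :", new_country_logins(evs, "2024-01-14T00:00:00Z"))
```

On the sample data the first check flags 198.51.100.21, which tried four accounts in under two minutes, and the second flags the three successful NL logins while leaving c.putri's later login from the baseline country alone. Failed attempts are deliberately counted in the first check: a failure is still evidence that the source held a credential for that account.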

Adding to the complexity of the situation, The Five Families have also been linked to the attack, reportedly orchestrating it in affiliation with the STORMOUS ransomware group. STORMOUS did not stop at the breach itself: it advertised the stolen PT KAI data for sale on the dark web at a price of 11.69 BTC.

The total volume of data exfiltrated by The Five Families and STORMOUS remains unknown. The group has issued an ultimatum with a 15-day window, after which it says the full extent of the breach will be unveiled.

This attack underscores the pressing need for stronger cybersecurity measures. Given the reported access path, organizations should enforce multi-factor authentication on VPN and other remote-access gateways, monitor for employee credentials surfacing in stealer logs, conduct regular employee training to thwart phishing attempts, and collaborate with law enforcement to mitigate the fallout from data breaches and ransomware attacks. As PT KAI deals with the aftermath, the broader cybersecurity community must adapt its defenses to the evolving tactics of these adversaries.