Subj : Indonesian cybercrime net
To   : All
From : Mike Powell
Date : Tue Dec 09 2025 09:05:56

National cybercrime network operating for 14 years dismantled in Indonesia

Date:
Mon, 08 Dec 2025 19:15:00 +0000

Description:
A large network of domains, malware, and stolen credentials, has been making
rounds for 14 years.

FULL STORY

Security researchers have uncovered enormous cybercrime infrastructure in
Indonesia thats been operating unabated for more than 14 years. 

The length of the operation, the domains included, the malware circulated, 
and the data being sold on the black market, were all so big that the
researchers - Malanta.ai - said the campaign resembles a nation-state 
campaign more than that of simple cybercriminals. 

What began as simple gambling websites has evolved into a global, 
well-funded, sophisticated, state-sponsored-level attack infrastructure
operating across web, cloud, and mobile, Malanta said in a recently published
blog. 

Is the government involved?

As per the report, the operation had been active since at least 2011. The
operators controlled more than 320,000 domains, including over 90,000 hacked
and hijacked ones. They also controlled over 1,400 compromised subdomains, 
and 236,000 purchased ones - all used to redirect users to illegal gambling
platforms. 

To make matters worse, some of the compromised subdomains were on government
and enterprise servers. In some instances, the threat actors deployed
NGINX-based reverse proxies to kill TLS connections on legitimate government
domain names, thus hiding their C2 traffic as legitimate government comms. 

Then, there is the malware ecosystem - the researchers found thousands of
malicious Android applications, distributed through public infrastructure
(Amazon Web Services S3 buckets). 

These apps served as droppers, posing as legitimate gambling platforms while
deploying malware that granted full access to the compromised devices in the
background. The backdoors were getting their commands straight from another
piece of public infrastructure - Googles Firebase Cloud Messaging service. 

This resulted in more than 50,000 stolen login credentials from gambling
platforms, countless infected Android devices , and hijacked subdomains
circulating the dark web. 

What if this ecosystem isnt simply cybercrime? the researchers speculated. 

Normally, the scope, scale, and financial backing behind this infrastructure
align far more closely with the capabilities typically associated with
state-sponsored threat actors. 

 Via Cybersecuritynews 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/national-cybercrime-network-operating-f
or-14-years-dismantled-in-indonesia

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

.