Subj : National cybercrime network operating for 14 years dismantled in To : All From : TechnologyDaily Date : Mon Dec 08 2025 19:30:08 National cybercrime network operating for 14 years dismantled in Indonesia Date: Mon, 08 Dec 2025 19:15:00 +0000 Description: A large network of domains, malware, and stolen credentials, has been making rounds for 14 years. FULL STORY ======================================================================Malanta. ai uncovered a 14year cybercrime infrastructure in Indonesia, resembling statesponsored operations Network spans 320K+ domains, hijacked government subdomains, and thousands of malwareladen Android apps Campaign stole 50K+ gambling credentials, used AWS and Firebase for C2, raising nationstate suspicions Security researchers have uncovered enormous cybercrime infrastructure in Indonesia thats been operating unabated for more than 14 years. The length of the operation, the domains included, the malware circulated, and the data being sold on the black market, were all so big that the researchers - Malanta.ai - said the campaign resembles a nation-state campaign more than that of simple cybercriminals. What began as simple gambling websites has evolved into a global, well-funded, sophisticated, state-sponsored-level attack infrastructure operating across web, cloud, and mobile, Malanta said in a recently published blog. Catch the price drop- Get 30% OFF for Enterprise and Business plans The Black Friday campaign offers 30% off for Enterprise and Business plans for a 1- or 2-year subscription. Its valid until December 10th, 2025. Customers must enter the promo code BLACKB2B-30 at checkout to redeem the offer. View Deal Is the government involved? As per the report, the operation had been active since at least 2011. The operators controlled more than 320,000 domains, including over 90,000 hacked and hijacked ones. They also controlled over 1,400 compromised subdomains, and 236,000 purchased ones - all used to redirect users to illegal gambling platforms. To make matters worse, some of the compromised subdomains were on government and enterprise servers. In some instances, the threat actors deployed NGINX-based reverse proxies to kill TLS connections on legitimate government domain names, thus hiding their C2 traffic as legitimate government comms. Then, there is the malware ecosystem - the researchers found thousands of malicious Android applications, distributed through public infrastructure (Amazon Web Services S3 buckets). These apps served as droppers, posing as legitimate gambling platforms while deploying malware that granted full access to the compromised devices in the background. The backdoors were getting their commands straight from another piece of public infrastructure - Googles Firebase Cloud Messaging service. This resulted in more than 50,000 stolen login credentials from gambling platforms, countless infected Android devices , and hijacked subdomains circulating the dark web. What if this ecosystem isnt simply cybercrime? the researchers speculated. Normally, the scope, scale, and financial backing behind this infrastructure align far more closely with the capabilities typically associated with state-sponsored threat actors. Via Cybersecuritynews Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button! And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too. ====================================================================== Link to news story: https://www.techradar.com/pro/security/national-cybercrime-network-operating-f or-14-years-dismantled-in-indonesia --- Mystic BBS v1.12 A49 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .