Maxis, a leading Malaysian operator, has been targeted by a cyberattack allegedly carried out by an international hacking group. The group, known as R00TK1T ISC Cyber Team, has claimed to have stolen internal data from Maxis and has posted it on the dark web, creating significant concerns about the security of the telecommunications company.
According to a report by Soya Cincau, the hacker group posted several screenshots on Monday that purportedly show a backend system belonging to Maxis. The R00TK1T ISC Cyber Team also issued a statement indicating its intention to release Maxis customer data in the coming days. While Maxis acknowledged the claim and stated that it was investigating the incident, it also emphasized that it had not found anything indicating that its own systems were compromised. However, it did identify a suspected incident involving unauthorized access to one of its third-party vendor systems. Maxis said that it is working closely with the vendor to further investigate the matter and has reported the incident to the relevant authorities.
Although Maxis did not disclose the name of the third-party vendor or confirm whether the attack was linked to the claims made by R00TK1T, concerns have been mounting as the situation unfolds. Cyber Express reported that R00TK1T shared details of the alleged cyberattack on the dark web and their Telegram channel, stating that they had exploited compromised single sign-on user access to the FortiGate firewall. This gave them access to sensitive Maxis employee data, including employee IDs, names, business emails, and work locations at Maxis retail stores. The hacker group also disclosed that they had obtained stolen Maxis data such as MAC addresses, connection details on the Maxis Wi-Fi network, and administrative access to the Maxis Interactive Retail Assistant (MIRA) dashboard. The severity and scale of the data breach underscore the potential risks and implications for Maxis and its customers.
R00TK1T has warned that it will continue to release data until Maxis publicly admits that it was breached, and the group has yet to receive a response from the telecommunications company. This cyberattack on Maxis is part of a larger campaign by R00TK1T, which announced its intention to target Malaysia’s digital infrastructure on January 26. Since then, the group claims to have successfully hacked other Malaysian entities, including network solutions and system integrator Aminia and the online education website YouTutor.
Amidst these developments, Malaysia’s National Cyber Coordination and Command Centre (NC4) has issued an alert advising all Malaysian organizations to implement essential preventive measures to protect against potential attacks. NC4 has also indicated that R00TK1T is believed to be “part of a retaliation team against the cyber campaign stemming from the Middle East conflict.” The group’s historical activities have targeted various sectors in multiple countries, leveraging known vulnerabilities and enlisting the assistance of insider threats and disgruntled employees.
Additionally, NC4 has cautioned that the R00TK1T campaign could persist for several weeks, raising concerns about its potential sustained impact on Malaysia’s digital infrastructure and cybersecurity landscape. As Maxis and other organizations grapple with the aftermath of these cyberattacks, there is a growing awareness of the need for heightened cybersecurity measures and the urgency to mitigate risks in an increasingly interconnected digital environment. The evolving threat landscape underscores the critical importance of robust cybersecurity protocols and collaborative efforts to safeguard against potential breaches and protect sensitive data.