NC4-ALR-2025-000001
Heightened Cyber Threat - Hacktivist Activities Targeting Malaysia
Introduction
The National Cyber Coordination and Command Centre (NC4) has observed an increase in hacktivist activities targeting Malaysian government agencies, organisations, and educational institutions following recent regional developments, including the maritime incident involving the Malaysian Maritime Enforcement Agency (MMEA) and Indonesian citizens.
In light of this threat, NC4 urges System and Network Administrators to review and implement immediate and comprehensive cybersecurity measures to safeguard systems and networks against potential intrusions.
Impact
The ongoing cyber campaign has led to:
- Unauthorised access to systems and networks
- Website defacements
- Potential data leaks, including personally identifiable information (PII)
Government agencies, military-linked institutions, and other critical sectors remain the primary targets.
Brief Description
NC4 has identified that the threat actors, who claim to be Indonesian hacktivist groups, have formed alliances and are actively launching cyberattacks against Malaysian entities. Their tactics include:
- Website defacements
- Credential leaks
- Unauthorised access
- Distributed Denial-of-Service (DDoS) attacks
These activities are believed to be retaliatory in nature, linked to the recent maritime incident. Intelligence indicates that many of these attacks exploit stolen credentials, likely obtained through malware infections.
Given the potential for this campaign to persist over the coming weeks, NC4 strongly advises all organisations to adopt robust preventive measures to mitigate risks. Failure to act swiftly could lead to operational disruptions, data breaches, and the compromise of critical infrastructure.
Recommendation
Organisations are advised to take immediate action to mitigate potential threats, including:
- Conduct a comprehensive review of access logs for all compromised domains to identify unauthorised activities.
- Reset passwords across affected systems and enforce multi-factor authentication (MFA) to reduce the risk of credential misuse. Organisations are encouraged to integrate MyDigital ID as a secure authentication mechanism to enhance identity verification and reduce reliance on traditional credentials.
- Ensure all critical ICT assets are updated with the latest security patches to prevent exploitation.
- Enhance security monitoring to detect and respond to suspicious login attempts, mass scanning activities, and unauthorised access attempts.
- Educate employees and clients about malware threats and encourage them to run endpoint protection such as antivirus or EDR, especially on their personal devices, to strengthen defences against infostealer malware.
- Review firewall configurations and restrict access to critical ports to minimise the attack surface.
- Isolate compromised systems, reset credentials, and follow incident response protocols to contain and remediate security breaches.
- Maintain regular offline backups of critical data to facilitate recovery in case of data loss.
- Report any anomalies or suspicious activities to NC4, as stated in Act 854, for further investigation.
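As an added illustration of the monitoring and log-review recommendations above (example code written for this page, not NC4 tooling), the Python below runs two checks over constructed authentication log lines: one flags a source that fails logins against many distinct accounts, and one flags a successful login from a source outside an account's usual baseline, which is how a login with stolen credentials typically looks. The log format, the sample IPs and the BASELINE mapping are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (not real data) in a simplified
# sshd-like format: "<timestamp> <OK|FAIL> user=<account> src=<ip>".
SAMPLE_LOG = """\
2025-01-10T08:01:12Z FAIL user=alice src=203.0.113.7
2025-01-10T08:01:13Z FAIL user=bob src=203.0.113.7
2025-01-10T08:01:14Z FAIL user=carol src=203.0.113.7
2025-01-10T08:01:15Z FAIL user=dave src=203.0.113.7
2025-01-10T08:01:16Z FAIL user=erin src=203.0.113.7
2025-01-10T08:05:00Z OK user=alice src=192.0.2.10
2025-01-10T09:12:44Z OK user=bob src=192.0.2.11
2025-01-10T22:47:03Z OK user=bob src=198.51.100.99
"""
# Constructed baseline of the source IPs each account normally logs in from.
BASELINE = {"alice": {"192.0.2.10"}, "bob": {"192.0.2.11"}}

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")

def parse(log_text):
    """Turn log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, result, user, src = m.groups()
            events.append({"ts": ts, "ok": result == "OK", "user": user, "src": src})
    return events

def detect_spray(events, min_accounts=5):
    """Source IPs with failed logins against at least min_accounts distinct
    accounts: the signature of mass credential testing against many users."""
    failed = defaultdict(set)
    for e in events:
        if not e["ok"]:
            failed[e["src"]].add(e["user"])
    return {src for src, users in failed.items() if len(users) >= min_accounts}

def detect_new_source_logins(events, baseline):
    """Successful logins from a source outside the account's baseline. Stolen
    credentials usually work first time, so only the unfamiliar source stands out."""
    return [(e["ts"], e["user"], e["src"]) for e in events
            if e["ok"] and e["src"] not in baseline.get(e["user"], set())]

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("sources testing many accounts:", detect_spray(evs))
    print("logins from unfamiliar sources:", detect_new_source_logins(evs, BASELINE))
```

In a real deployment the baseline would be built from a history window per account (or from an identity provider's device or location records), and both alert types would be fed to the incident response process described above.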