KUALA LUMPUR – The National Population and Family Development Board (LPPKN) has confirmed a cyberattack on its iKnow server while assuring that the information affected was meant for internal reference.
As such, it said its usual services will not be affected.
It also clarified that the attack on February 19 by the hacker group R00TK1T was not on the federal government’s Padu or central database system, but rather a unit within LPPKN with the same acronym.
“The attack was not on Padu as spread on social media but refers to LPPKN’s iKnow system which is also named Padu, and is a unit within LPPKN.
“The folder affected only involves documents related to pre and post-programmes implemented by the Padu unit that no longer exists,” LPPKN said in a statement.
“LPPKN assures that our services remain unaffected as the server affected only contained files for internal referencing.
“Steps to restore and strengthen the system were taken on the same day as the attack. The affected folders are being thoroughly scanned to ensure there is no malware in the server environment,” it added.
The cyberattack was reported on Lowyat.net which said the Padu central database hub and LPPKN’s “security infrastructure” had been compromised, citing R00TK1T’s claims.
The hacker group also claimed it stole more than 27TB worth of data from LPPKN servers.
After an initial uproar on social media over the supposed hacking of the central Padu database, Economy Minister Rafizi Ramli, on X last night, said that this was untrue.
Meanwhile, R00TK1T on its Telegram channel said that it plans to launch a series of “targeted attacks” on various government websites and systems today.
The message, directed to the National Cyber Coordination and Command Centre (NC4) which oversees cyber crisis management, was posted at 7.09pm.
“It has come to our attention that while you (NC4) have issued statements regarding cyber threats and provided recommendations for businesses to secure their operations, there seems to be a lack of focus on fortifying your own defences.
“This oversight only serves to highlight vulnerabilities within your own systems, showcasing a failure to prioritise your own security…the chaos has just begun,” the group said.
Earlier today, Digital Minister Gobind Singh Deo said that the ministry is looking into claims that LPPKN’s security infrastructure has been breached and its data stolen.
The minister said that a statement on the matter will be released either today or tomorrow once further details have been obtained. – February 20, 2024