KUALA LUMPUR – Just a day after asserting the safety of its banking systems, Bank Rakyat has had over 463GB of what are believed to be its private files leaked online by cybercriminals.
The public first became aware of the breach on September 10, when cyber threat monitor FalconFeeds tweeted that Bank Rakyat had fallen victim to a ransomware attack.
https://x.com/FalconFeedsio/status/1833411115206029493
The perpetrators behind the attack are believed to be the elusive cybercriminal group Hunters International. For the record, the group is not related to a Malaysian human resources company that carries the same name.
A check on the Hunters International leak site revealed a ransom note addressed to Bank Rakyat, posted on September 10. However, it was later removed. Speculation suggests that Bank Rakyat may have attempted negotiations with the cybercriminals, though this remains unverified.
Bank Rakyat has yet to respond to requests from Scoop for comment on the matter.
Who are Hunters International?
On August 26, public transport operator Prasarana Malaysia Bhd saw 316GB of private files leaked on the dark web following a ransomware attack carried out by RansomHub, a cybercriminal group with suspected ties to Russia.
However, little is known about Hunters International in comparison to RansomHub.
According to IT firm Netenrich, Hunters International operates as a Ransomware-as-a-Service (RaaS) platform, similar to RansomHub. This suggests that they rent or sell malicious software to individuals or groups looking to execute ransomware attacks.
Netenrich also noted that the tools used by Hunters International appear to be an offshoot of malware developed by Hive, a ransomware group dismantled by the US Department of Justice in early 2023.
While the true identity of the Hunters International group remains unknown, Netenrich speculates that they may be based in either Nigeria or Russia. However, it also warned that any data hinting at their location might be a deliberate attempt to obscure their real identities.
Bank Rakyat’s CCRIS and AMLA data leaked?
On September 17, FalconFeeds posted on X that Bank Rakyat had reappeared on Hunters International’s leak site, with the cybercriminals claiming to have released all the data they had exfiltrated.
Scoop has verified that Hunters International is claiming to have leaked 144,015 files from Bank Rakyat, totalling 463.2GB.
Among these files, two folders were labelled ‘ccris’ and ‘AMLA’, suggesting they contain sensitive data related to the Central Credit Reference Information System (CCRIS) and anti-money laundering activities.
One file within the ‘AMLA’ folder is titled ‘suspicious transactions’, while a spreadsheet in the ‘ccris’ folder appears to contain a list of bank account numbers.
On September 16, Bank Rakyat issued a statement assuring customers that their banking systems remain secure, despite allegations of the ransomware attack. The bank confirmed that it had reported the incident to the authorities and that business operations continued as usual. – September 25, 2024