KUALA LUMPUR: The hacker group ROOTK1T, which claimed responsibility for yesterday's attack on the National Population and Family Development Board (LPPKN) database, is suspected to be targeting Muslim countries.

According to the cybersecurity company Kaspersky, which actively tracks and researches malicious actors, including hacker groups, ROOTK1T appears to be a classic politically driven hacktivist group.

The company's director of the Global Research and Analysis Team (GReAT) for Asia Pacific (APAC), Vitaly Kamluk, said that the group's activity started between October and November last year.

"In early November, they started their own Telegram channel where they keep posting threatening messages and screenshots of hacking proofs," he told the New Straits Times.

In NST's report yesterday, the ROOTK1T group claimed to have hacked the Central Database Hub (Padu) website and stolen 27 terabytes (TB) of Malaysian data, demanding in exchange that the Malaysian government acknowledge the group's cyber attack on Malaysia.

However, Economy Minister Rafizi Ramli, in a post on X, clarified that the compromised database was actually LPPKN's.

"Their (ROOTK1T) activity started with expressing support for Israel after the Hamas attack in October 2023. Since then, they have mainly targeted Muslim countries and territories, including Iran, Lebanon, Qatar, Palestinian autonomy, Malaysia, and even France," said Kamluk.

"Their typical activity includes compromising and leaking sensitive information. They don't seem to pursue financial interest, unlike many other hacktivist groups," he added.

Commenting on where the attack could have originated, Kamluk said, "Hackers could operate from anywhere in the world. However, our analysis shows that the group is most active during the daytime, which falls into the Middle Eastern timezone (around UTC+3)."
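The timezone inference Kamluk describes is a standard threat-intelligence heuristic: take the UTC timestamps of an actor's posts, shift them through every candidate UTC offset, and see which offset places most activity inside ordinary working hours. The script below is an added illustration, not Kaspersky's tooling or real ROOTK1T channel data; the timestamps are constructed, and the 09:00 to 18:00 working-hours window is an assumption.

```python
from datetime import datetime, timezone, timedelta

# Constructed sample of channel post times in UTC (not real ROOTK1T data).
SAMPLE_POSTS_UTC = [
    "2023-11-05T06:12:00", "2023-11-05T07:45:00", "2023-11-05T09:30:00",
    "2023-11-06T08:05:00", "2023-11-06T11:20:00", "2023-11-06T13:50:00",
    "2023-11-07T06:40:00", "2023-11-07T10:15:00", "2023-11-07T14:35:00",
    "2023-11-08T07:10:00", "2023-11-08T12:00:00", "2023-11-08T22:30:00",  # one late-night outlier
]

# Assumed local working-hours window: 09:00 <= hour < 18:00.
WORK_START, WORK_END = 9, 18


def parse_utc(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp and mark it as UTC."""
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


def working_hour_fraction(posts, offset_hours: int) -> float:
    """Fraction of posts that land in working hours if the actor sits at UTC+offset."""
    tz = timezone(timedelta(hours=offset_hours))
    local_hours = [parse_utc(p).astimezone(tz).hour for p in posts]
    in_window = sum(WORK_START <= h < WORK_END for h in local_hours)
    return in_window / len(local_hours)


def rank_offsets(posts, offsets=range(-12, 15)):
    """Score every candidate UTC offset; best score first, ties broken toward UTC."""
    scored = [(working_hour_fraction(posts, o), o) for o in offsets]
    return sorted(scored, key=lambda t: (-t[0], abs(t[1])))


def estimate_offset(posts):
    """Return (best_offset_hours, fraction_of_posts_in_working_hours)."""
    best_score, best_offset = rank_offsets(posts)[0]
    return best_offset, best_score


if __name__ == "__main__":
    offset, score = estimate_offset(SAMPLE_POSTS_UTC)
    print(f"Most consistent working-hours offset: UTC{offset:+d} ({score:.0%} of posts in window)")
```

With the constructed sample the best fit is UTC+3, consistent with the Middle Eastern timezone the article cites. Treat this as one weak signal among many: scheduled or automated posting, operators working odd hours, or deliberate timing can all skew it, so it supports rather than establishes attribution.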

So far, there is no information on how the ROOTK1T group managed to break into LPPKN's database.

"It is best we wait for an official response about this; we do not have first-hand information on the investigation," he said.

Kamluk warned that such incidents could result in loss of access to critical information, damage to reputation and temporary loss of ability to use and provide services.

He suggested that companies and government agencies follow good cybersecurity hygiene approaches, including cybersecurity training for employees, conducting risk assessments to evaluate potential risks that might compromise network security, keeping software updated, limiting access to sensitive data by restricting the number of people with access to critical data to a minimum, using secure WiFi networks and virtual private networks, and ensuring that third parties dealing with the company's data and systems are also secure.