Bank Rakyat Hit by Major Ransomware Attack by Hunters International

Incident Date: September 10, 2024

Overview

Victim: Bank Rakyat
Attacker: Hunters International
Location: Kuala Lumpur, Malaysia
First Reported: September 10, 2024

Ransomware Attack on Bank Rakyat by Hunters International

Bank Rakyat, officially known as Bank Kerjasama Rakyat Malaysia Berhad, has fallen victim to a ransomware attack carried out by the Hunters International ransomware group. The attack resulted in the exfiltration of 463.2 GB of data, encompassing 144,015 files. Despite the breach, Bank Rakyat has assured its customers that its banking system remains secure and that business operations continue as usual.

About Bank Rakyat

Bank Rakyat is a prominent financial institution in Malaysia, established in 1954 under the Cooperative Ordinance 1948. It operates primarily under the principles of Islamic banking, providing a wide range of financial services to individuals, SMEs, and corporate clients. The bank has a significant presence in Malaysia with 148 branches, over 986 ATMs, and 131 Ar-Rahnu X'Change outlets nationwide. As of the end of 2023, Bank Rakyat reported total assets of RM117.33 billion and a pre-tax and pre-zakat profit of RM1.76 billion.

Attack Overview

The ransomware attack by Hunters International led to the exfiltration of a substantial amount of data from Bank Rakyat. The group temporarily removed its post about the attack, but later decided to leak all the stolen data on its dark web site. In response, Bank Rakyat confirmed that its banking system remained secure and emphasized its commitment to transparency and operational resilience. The incident was reported to the authorities, and customers were informed individually via letters and SMS about the situation and the bank's cybersecurity measures.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the Hive ransomware group. The group's ransomware code contains significant overlap with Hive ransomware, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Penetration and Vulnerabilities

While the exact method of penetration used by Hunters International in the Bank Rakyat attack is not publicly detailed, the group's tactics often involve exploiting vulnerabilities in network security, phishing, and leveraging stolen credentials. Bank Rakyat's extensive digital banking initiatives, including platforms like iRakyat and BRICK, may have presented potential entry points for the attackers. The bank's commitment to digital transformation, while beneficial for customer convenience, also necessitates advanced cybersecurity measures to protect against such sophisticated threats.
