Ransomware Attack on Bank Rakyat by Hunters International

Bank Rakyat, officially known as Bank Kerjasama Rakyat Malaysia Berhad, has recently fallen victim to a ransomware attack orchestrated by the Hunters International ransomware group. This attack has resulted in the exfiltration of 463.2GB of data, encompassing 144,015 files. Despite the breach, Bank Rakyat has assured its customers that its banking system remains secure and that business operations continue as usual.

About Bank Rakyat

Bank Rakyat is a prominent financial institution in Malaysia, established in 1954 under the Cooperative Ordinance 1948. It operates primarily under the principles of Islamic banking, providing a wide range of financial services to individuals, SMEs, and corporate clients. The bank has a significant presence in Malaysia with 148 branches, over 986 ATMs, and 131 Ar-Rahnu X'Change outlets nationwide. As of the end of 2023, Bank Rakyat reported total assets of RM117.33 billion and a pre-tax and pre-zakat profit of RM1.76 billion.

Attack Overview

The ransomware attack by Hunters International led to the exfiltration of a substantial amount of data from Bank Rakyat. Initially, the group temporarily removed the post about the attack but later decided to leak all the stolen data on their dark web site. In response, Bank Rakyat confirmed that its banking system remained secure and emphasized its commitment to transparency and operational resilience. The incident was reported to the authorities, and customers were informed individually via letters and SMS about the situation and the bank's cybersecurity measures.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the Hive ransomware group. The group's ransomware code contains significant overlap with Hive ransomware, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Penetration and Vulnerabilities

While the exact method of penetration used by Hunters International in the Bank Rakyat attack is not publicly detailed, the group's tactics often involve exploiting vulnerabilities in network security, phishing attacks, and leveraging stolen credentials. Bank Rakyat's extensive digital banking initiatives, including platforms like iRakyat and BRICK, may have presented potential entry points for the attackers. The bank's commitment to digital transformation, while beneficial for customer convenience, also necessitates advanced cybersecurity measures to protect against such sophisticated threats.

Sources

• Bank Rakyat - Bank Information
• SOCRadar - Dark Web Profile: Hunters International
• Quorum Cyber - Hunters International Ransomware Report
• Global Security Mag - Hive Ransomware's Offspring: Hunters International Takes the Stage