[ UPDATE 06/02/2024 08:32 ] R00TK1T claims to have infiltrated Maxis’ network in Kulim, vows further attacks.
===
Maxis has responded to the claim made by the international hacker group R00TK1T. The telco said that its investigation did not find anything abnormal within its internal system but it did identify an incident involving third-party vendor systems.
The third-party vendor systems are outside of Maxis’ internal network
As noted in our report, R00TK1T has published three screenshots that seem to depict a backend system that belonged to Maxis. The screenshots appear to have been captured from the same system, but they feature three different router names: Huawei LG8245, Kaon AR2140 and AR1344E.
Based on our quick search online and previous reports, Maxis did provide the LG8245 and AR2140 to its home fibre customers. While we are not familiar with the AR1344E, this particular router was likely meant for enterprise customers, given the references in the screenshot.
Meanwhile, the official response from Maxis did not make any direct reference to these routers. Hence, their relation to R00TK1T’s cyberattack is unclear at the moment, although the hacker group did announce its intention to release the telco’s customer data in the days to come.
That being said, the telco did reveal that one of its third-party vendor systems may have been accessed without authorisation. This particular system is located outside of Maxis’ internal network and the telco is working with the vendor to investigate further.
Maxis did not name any vendor in its statement, but we have previously noted that the telco appears on the corporate website of Aminia, which was the first victim of R00TK1T’s current campaign against Malaysia. The local network solutions provider and system integrator also supplies custom hardware to telcos, and some of its routers, such as the MA-131 and MA-141, can easily be found on online marketplaces.
You can check out the full statement from Maxis below:
Earlier today Maxis received a report alleging a cybersecurity breach. We immediately launched an investigation to determine the validity.
While we did not identify anything related to our own systems, we identified a suspected incident involving unauthorised access to one of our third-party vendor systems that resides outside of Maxis’ internal network environment. We are working with them to investigate further and have also informed the relevant authorities.
Our customers’ privacy and security are of the utmost importance to us, and our ongoing priority is a thorough assessment and containment. Additional defence measures are also being put in place to enhance the robustness of our systems with a view to reducing further risk. We will continue to provide necessary updates on developments.