Indonesian Banking Sector Threat Landscape
Essential information
- Published
- 09/07/2026 19:50
- Modified
- —
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- abcdoor amaranth loader apt espionage bfsi sector chrysalis cobalt strike cve-2025-8088 data breach financial cybercrime havoc indonesian banking lotuslite phishing campaigns ransomware extortion rustsl shadowguard supply chain compromise tgamaranth rat valleyrat
- Related entities
- 1 vulnerabilities (cve), 29 indicators, 28 observables, 1 intrusion sets (apt), 22 techniques (mitre), 10 malware
Description
Indonesia's Banking, Financial Services, and Insurance sector faced significant cyber threats throughout 2026, including multiple alleged data breaches targeting major banking institutions and fintech platforms. Underground forums advertised compromised datasets containing customer information, account details, and sensitive documents, with varying levels of validation. Ransomware groups ICARUS and The Gentleman conducted extortion campaigns against financial organizations. China-linked APT groups including SilverFox, Mustang Panda, Amaranth-Dragon, Lotus Blossom, and Shadow Campaigns demonstrated sophisticated capabilities through phishing operations, supply chain compromises, and zero-day exploitation. These state-aligned actors deployed advanced malware such as ValleyRAT, ABCDoor, LOTUSLITE, and custom backdoors for long-term espionage. The expanding digital banking ecosystem and regional financial connectivity have increased attack surfaces, requiring enhanced cyber resilience, continuous monitoring, a...