More about PDNS incident 2024 (The Indonesia National Data Center)
Summary
TLDRIn this video script, Bud Froman discusses the 2024 Indonesia National Data Center incident, where a ransomware attack by the 'brain chipper' group encrypted the data center's hypervisor, disrupting various government services. Froman, not involved in the incident, deduces the situation based on various sources, highlighting the lack of a timely switch to a disaster recovery center and the absence of proper backups. The script also mentions the unusual apology and offer of decryption keys from the attackers without ransom. Lessons learned and the importance of understanding the incident to prevent future attacks are emphasized.
Takeaways
- 🗓️ The incident occurred on June 20th, 2024, at the Indonesian National Data Center, affecting multiple services including immigration and causing significant disruption.
- 📊 A range of organizations were impacted, from the National Archive to university application systems, highlighting the widespread reliance on electronic services.
- 🚨 The data center was hit by a ransomware attack from a group known as 'brain chipper', which was a variation of LockBit 3.0, indicating a targeted and sophisticated cyber threat.
- 🛡️ The National Data Center's architecture included two data centers and one backup system, but the backup was not effectively utilized during the incident.
- 💡 The hypervisor, possibly VMware-based, was the main target of the ransomware, encrypting it and preventing access to virtual machines, which was a critical vulnerability.
- 🔒 The ransomware encrypted the hypervisor using Babuk encryption, which is a form of public key cryptography, complicating the decryption process.
- 🤔 There were questions about the incident's response time and the lack of a swift switch to the disaster recovery center, suggesting potential issues with preparedness and response protocols.
- 🛑 The incident raised concerns about the lack of effective backups, with some institutions not having their own backup systems, leading to a significant recovery challenge.
- 🔑 In an unusual twist, the attackers offered to provide the decryption key for free, which was confirmed to work by some, but raised suspicions about potential hidden malware.
- 🔍 The investigation into the incident is ongoing, with forensic reports not yet available to the public, leaving many questions about the breach's specifics unanswered.
- 📝 The speaker emphasizes the importance of learning from this incident to prevent similar occurrences in the future, underlining the need for better security practices and backup strategies.
Q & A
What was the main issue faced by the Indonesia National Data Center on June 20th, 2024?
-The main issue was that the Indonesia National Data Center, specifically PDN S2, was hit by a ransomware attack from a group called 'brain chipper,' which led to a denial of access to various government services and applications.
What is the significance of the term 'hypervisor' in the context of the data center's architecture?
-A hypervisor is a piece of software that allows multiple operating systems (virtual machines) to run on a single physical server. It is significant because the ransomware attack encrypted the hypervisor, preventing access to the virtual machines hosted on it.
Why was the Windows Defender disabled prior to the ransomware attack?
-The script does not provide a definitive reason for the disabling of Windows Defender, but it suggests that an attacker may have infiltrated the hypervisor and disabled it to pave the way for the ransomware injection.
How did the ransomware attack affect the immigration services in Indonesia?
-The attack caused the immigration services to become inaccessible, as they rely on electronic systems that were impacted by the ransomware. This included the auto gates at airports which could no longer function properly.
What was the role of Telkom Sigma in the incident?
-Telkom Sigma was the hosting provider for the National Data Center. The script suggests that the incident was specific to the PDN S2 and does not reflect on Telkom Sigma's overall credibility.
What was the outcome of the ransomware attack on the virtual machines (VMs)?
-The VMs were encrypted, and some institutions did not have backup systems in place, which complicated the recovery process. The decryption key was later offered by the attackers, but the extent of the encryption and its impact on individual VMs was not fully detailed.
What was the unusual development regarding the ransomware group's behavior after the attack?
-Unusually, the ransomware group issued a public apology and offered to provide the decryption keys for free, without demanding payment, which is not a common practice for such groups.
Why was there a delay in switching to the disaster recovery center (DRC) after the ransomware attack?
-The script does not provide a clear reason for the delay, but it raises questions about whether the DRC was also compromised, had different technology that made synchronization difficult, or if there was simply no DRC in place.
What was the reported issue with the backup systems of the affected institutions?
-The script indicates that many of the affected institutions did not have proper backup systems in place, which is a critical oversight for any organization, especially one providing essential government services.
What is the significance of the term 'Babuk encryption' mentioned in the script?
-Babuk encryption refers to the specific type of encryption used by the ransomware group. It is significant because understanding the encryption method is crucial for decrypting the affected systems and recovering the data.
What were some of the speculations about how the ransomware attack was initiated?
-The script suggests speculations about the attack being initiated through software vulnerabilities, remote desktop protocol connections, or by exploiting access to the hypervisor, but the exact method remains unclear.
Outlines
🗓️ Chronology of the 2024 Indonesia's National Data Center Incident
The speaker, Bud Froman, discusses the 2024 incident at Indonesia's National Data Center, highlighting the chronology of events starting from June 20th. On this date, at 4 a.m., immigration services in Indonesia faced an outage, rendering electronic systems in airports inoperative. This affected not only immigration but also other services reliant on the National Data Center. The incident was traced back to a ransomware attack by a group known as 'brain chipper,' which utilized a variation of the LockBit 3.0 ransomware. Froman clarifies that he was not involved in the design or operation of the data center and that his information is deduced from various sources.
🛡️ Exploring the Data Center's Architecture and Security Event
This paragraph delves into the architecture of the data center, explaining the shift from physical servers to virtual machines (VMs) based on VMware. The speaker hypothesizes about the possible points of failure, suggesting that the ransomware might have targeted the hypervisor rather than the VMs themselves. A security event three days prior to the ransomware attack, where Windows Defender was disabled, is also mentioned, raising questions about how the attacker gained access to the hypervisor and the overall security measures in place.
🔒 Impact of Ransomware and Hypervisor Encryption
The impact of the ransomware attack is discussed, with a focus on how it encrypted the hypervisor, preventing access to the virtual machines. The speaker mentions the use of Babuk encryption, which is a form of public key cryptography, and the implications of this on the decryption process. The incident's financial impact is not detailed, but the speaker emphasizes the importance of understanding the attack's root cause to prevent future occurrences.
🤔 Hypothesizing Attack Vectors and the Role of Network Security
In this section, the speaker speculates on how the ransomware might have infiltrated the system, considering potential attack vectors such as malicious emails, software vulnerabilities, and remote desktop protocol connections. The speaker suggests that the hypervisor could have been compromised through network access, indicating potential flaws in network security design. The possibility of the attack originating from within a virtual machine is also discussed.
🔄 Issues with Disaster Recovery and Backup Systems
The speaker addresses the response to the ransomware attack, questioning why the National Data Center did not switch to a disaster recovery center (DRC) and why backups were not restored. It is revealed that many virtual machines lacked proper backup systems, which is a significant oversight for a cloud service provider. The lack of a clear disaster recovery plan and the differences in technology between the primary data center and the DRC are highlighted as potential issues.
📜 Unusual Developments: Attacker's Apology and Key Provision
An unusual turn of events is described, where the ransomware attackers publicly apologized and offered to provide the decryption keys for free, without demanding payment. The speaker discusses the verification of the keys' legitimacy and the absence of any embedded malware within the key decryption application. The implications of this development for the recovery process and the integrity of the data center's operations are considered.
🏢 Lessons Learned and the Importance of Forensic Analysis
The final paragraph focuses on the lessons that should be learned from the incident, emphasizing the need for a thorough forensic analysis to understand the attack's origin and to prevent similar occurrences. The speaker also discusses the broader implications for service providers and the importance of having robust backup and disaster recovery plans in place. The incident serves as a cautionary tale about the potential consequences of inadequate security measures and the value of learning from past mistakes.
Mindmap
Keywords
💡National Data Center
💡Ransomware
💡VMware
💡Hypervisor
💡Disaster Recovery (DR)
💡Babuk Encryption
💡Windows Defender
💡Electronic Immigration System
💡Public Key Cryptography
💡Lessons Learned
💡Weak Password
Highlights
Bud Froman discusses the 2024 Indonesia National Data Center incident, providing insights despite not being directly involved in the design or investigation.
On June 20th, 2024, Indonesia's temporary Data Center suffered a ransomware attack, impacting immigration services and other government applications.
The ransomware, a variation of LockBit 3.0, was attributed to the Brain Ciper group, causing widespread disruption to electronic services.
Indonesia's National Data Center architecture includes two data centers and a cold backup system, with the affected PDN S2 managed by Telkom Sigma.
The incident raised questions about the data center's security measures and the effectiveness of its disaster recovery plan.
Froman speculates that the ransomware may have targeted the hypervisor, encrypting it and preventing access to virtual machines.
A security event three days prior saw Windows Defender disabled, possibly allowing the ransomware to infiltrate the system.
The lack of clear information on how the attacker gained access highlights the need for better security practices and protocols.
Babuk ransomware is known to spread through phishing emails, software vulnerabilities, and remote desktop protocol connections.
The use of ECC curve 25519 encryption for the hypervisor raises questions about the ransomware's sophistication and methods.
The attacker's unexpected apology and offer to provide decryption keys for free adds an unusual twist to the typical ransomware scenario.
The incident exposed the importance of having robust backup systems in place for both the data center provider and individual institutions.
Froman emphasizes the need for lessons to be learned from the incident to prevent similar attacks in the future.
The incident's impact on Telkom Sigma's credibility is questioned, as the attack was specific to the PDN and not reflective of the entire cloud system.
The lack of a clear timeline and ongoing resolution efforts leave many questions unanswered about the current state of the data center.
Froman concludes by stressing the importance of understanding the incident's root causes to improve security measures and prevent future attacks.
Transcripts
good morning this is Bud Froman
bu uh as I promised before I'm going to
talk about the recent
2024 Indonesia's uh National Data Center
incident or
inesia data
National Samara temporary don't know why
temporary uh my presentation material is
going to be in basa Indonesia the text
is in BAS Indonesia but I'm going to
talk in English let me switch to my
presentation okay so so
uh uh disclaimer plus disclaimer I am
not involved uh as part of the design
implementation of operational of uh and
our investigation of this so I got all
the uh information from many sources any
sources and I'm trying to uh deduce
based on those sources but those
information uh okay let me get my face
here on the screen
wait okay so let's
continue okay uh let's start with the uh
uh chronology uh of the the incident on
June 20th
um the pdns 2 this is apparently there
is more than one so this is the uh data
center temporary Data Center c number
two I'll get back on that but anyway
um uh at 400 a.m. in the morning on the
20th uh June
2024 immigrations they could not access
their uh services in Indonesia now these
days everything is um electronic so if
you go to airports I mean airports
basically in Jakarta sarata for example
there's an auto gate you can go through
this auto gate using you know electronic
system we put the passport scan it and
then it goes through it didn't work at
the same time the
applications um where you have to go
through this immigration it didn't work
so they
contacted uh Pat data National contacted
uh the National Data Center why they
could not access their services or their
servers and
apparently there was a problem and after
that other applications or other
institution or organizations that that
are using these Services they also uh
noticed that they could not uh access
their services here is example of u a
list partial list of uh applications or
organizations that um could not access
the arip uh National the archive
National Archive the electronic uh what
do you call it uh procurement system and
so on and so on and even I heard that
there is is uh an application for uh new
students uh University's requirement
that did not work so anyway what
happened was that the uh the uh data
center uh owned by com info the ministry
of communication and information and
hosted by uh Telcom
Sigma was hit by uh ransomware from a
brain chipper or brain ciper um depends
on your pronunciation um brain chipper
uh group and the ransomware is
apparently A variation of log bit 3.0
now uh let's talk about the National
Data Center first I have no idea how it
works because again I was not part of
the design and so on and so forth so
apparently there are uh three uh not
three uh two data centers and one backup
cold backup system uh the one that got
hit is in the one that uh in Sara this
is actually PDN
S2 um and then there there is also PDN
S1 question mark there is uh it is in
sarpong another another uh City and is
managed by it is managed by lintas Arta
another company and they're supposed to
be a cold backup in batam we'll talk
about this uh backup sites later on okay
so
anyway
uh they found out that they were hit by
ransomware okay now the service the pdns
service uh the the original idea long
long time ago that the uh government
services so this is government service
this is a service for government
organizations uh they they used to have
a collocation meaning all these
organizations government institutions
they can have their own machines and
they uh bring their machines to uh data
centers um organized by uh Ministry of
communication and information but these
days you don't need a physical servers
so you get virtual machines so
everything is actually visual machines
VM now the VM itself uh from what I
heard is uh based on VMware the one at
least the one in pdns 2 uh was or is by
VMware now uh which I'm I'm not really
sure which part of the VMware uh that
got hit so here here's there's kind of a
a topology uh or kind of an architector
of virtual machines so we have a
hardware instead of one instead of one
system uh sorry instead of many many
servers see hundreds or 200 servers um
which is very very very cumbersome to
minutes uh today we have a cloud system
we have whereby you have like a big
Hardware not big in terms of not not
even the size right in in terms of the
capacity and capability so you have a
big hardware and on top of that you put
an a host OS be that you know Linux or
Windows it doesn't really matter and
then on top of that you have this
hypervisor now this hypervisor is the
one that you know VMR has you can have
other Technologies uh other than VMR you
can have open stack spr smoks what else
um but basically there are many uh
hypervisors uh supervisor
implementations now on top of this you
have gas os's uh you have virtual
machines basically you can install you
know um Linux Debian Santos red hat or
whatever you you can also install
Windows so you can have many virtual
machines it depend uh it's it is uh
basically uh sorry hang on a second yeah
yeah I need coffee basically on top of
this hypervisor you can have many
virtual machines you can have you can
install as many as you uh like it
depends on the capability of the
hardware so you can have two 5 10 11
200s or whatever um um even thousands
but I if if thousands perhaps you can
have more than one uh Hardware like
physical machines so anyway you can have
virtual machines on top of the this so
this is one architecture but since the
this host o OS is not doing anything um
basically the hardware is just running
hypervisor right so there's no need to
have this host OS so you can take this
host OS out you can have an architecture
something something like this this is uh
called bare metal so you have the
hardware the bare metal and then on top
of that you put hypervisor and then
that's it so you manage the hyper fer to
some kind of software or web Bas
application or you know um what whatever
means but basically you uh manage these
VMS on top of this hypervisor okay so uh
going back to the case I don't know
whether the one that that got hit hit uh
was it the hypervisor or the VMS because
are the institution the government
institution institutions they have
access only to these FMS so they were
given
several VMS one two what have you so
yeah they have access to these VMS but
they do not have access to the
hypervisor now my opinion based on the U
uh news the uh the ransomware actually
hit the
hypervisor now uh before that before
that uh there was a news saying that on
uh June 17th like 3 days before that
there is a an event a security event
that a Windows Defender um Windows
Defender uh this is like an antivirus
antimalware
application was disabled my question is
how and which part assuming this
hypervisor is there right the hypervisor
is there
um uh my assumption is that the Windows
Defender is actually part of this
hypervisor so somebody actually uh went
inside this hypervisor and disabled the
uh Windows Defender and then uh
injected uh the ransomware if the
Windows Defender the one that you know
uh got
deactivated was this VM so the attacker
mainly um had access to the VM the
attacker did not have access to the
hyper viser so maybe just
one organization or one institution that
got hit by and somewhere but not the
whole uh data uh the pdns so because of
uh the
incident happened to the whole pdns so
my assumption my assumption is uh the
hypervisor the one that got hit so so
that's that right so that's the the the
the now because of that because of that
so this is for those who are not
familiar with ransomware uh because of
that because everything uh ransomware
basically what uh it does is um the
ransomware encrypts the hypervisor so
you don't have access to the hypervisor
because if you want to access it you
need password to open it you need
password to decrypt it because of this
hypervisor is in encrypted format those
guas osses they could not run on top of
this uh hypervisor so basically you need
keys
okay now in terms of uh the results uh
the effect uh how much money or if you
have some kind of
calculation
um how much can uh kind of
uh how big is the incident caused by by
this um I don't have the data okay so I
don't have data in terms of business
process I don't have the data now now
about the keys um and this one I uh uh
read several uh post things and one of
one of the uh posts by johannas uh he
actually uh look in uh went and looked
into this uh situation and he actually
refers engineered uh some part of this
uh encryption and the hypervisor was
encrypted with babuk encryption so with
babuk encryption I read somewhere that
babuk uh is an
encryption bab somewhere is encrypted by
AES 256 so this is more like a private
key crypto system but from what I
understand from johannas U uh post it
was encrypted with ECC curve
25519 so ECC is a public key crypto
system it's bit different um I I have to
believe that
uh the the the the incident um the the
the sorry the encryption that was used
is this one easy one this easy now how
how did the uh the hypervisor got hit
now I I I read say from sample uh from
Sentinel one from the the uh kind of the
the web page here it says babuk
ransomware is typically spread through
fing emails with malicious attachment or
links malicious downloads software
vulnerabilities and remote desktop
protocol connection so going back to the
architecture
okay if we and I should have uh describ
the the the the this diagram with that
text okay uh
if the attacker went from uh a malicious
email so somebody's reading email on top
of
this and I think that's not the case
because there's no email application
there's nobody actually log in here and
work here so that was not the case feing
download that was not the case unless
somebody's downloading something and
install it in the hypervisor that was
not the case in my opinion uh so there
were only two things um the things which
is okay remote desktop or some software
vulnerability so somebody actually had
access to the hypervisor through Network
and exploit some kind of
vulnerabilities uh if that's the case
then there's a bad design in terms of uh
the network because you're not supposed
to have access to the hypervisor
directly usually it's behind some kind
of firewall
jump um you know uh jump machine or jump
host or something like that or uh
through remote DOA protocol so there has
some kind of web based application and
the web based application or the
application that uh manages uh
hypervisor was taken over that's also
possible because I don't know what
happens um uh these two
they might be the problem now uh this is
about the encryption on the hypervisor
in terms of the VM itself uh and from
the blog posts that I uh read uh the VM
was encrypted with log bit A variation
of loog bit and I
add sorry um lock pit what lock pit uh
ransomware and the encryption I have no
idea is it salsa 20 or whatever but this
is just
uh uh
um like uh my guess my guess um I'm more
concerned about the hypervisor because
probably that's the one uh that is U you
know the main cause so about the uh the
VMR axi oh okay VMware esxi this is the
hypervisor by VMware on top of bare
metal so
apparently uh this was known like a year
ago
okay the the babuk itself uh the babuk
uh
encryption um itself um was leaking in
2021 so some people actually
investigated how an organized ransomware
works now uh early
2021 Sentinel laps the one that I got uh
you know like the one that I read the
block post this is Sentinel one sorry
Sentinel lab it's one of one of
companies that I were actually
monitoring this Sentinel one observe an
increase in VMware esxi ransomware based
on babuk so this was known in
2023 now if this is the case then
somebody should update the software
create a better sop because they uh they
should have known that this is a target
okay so now you got hit by a ransomware
what is the
response how come it took uh uh them
like four five s days uh even right
right now they're they're still trying
to to to resolve this case why didn't
they switch from the DC to the DRC from
pdns 2 switch to pdns
one I don't know why why didn't they
switch okay uh we got hit by rans
someware stop the DC and switch to DRC
right maybe one the DRC itself also got
hit by ransomware so the main the DC the
main one the disaster recovery Central
also got here
maybe I but I did not hear any respond
about that two this is what I heard the
technology behind uh DC and DRC they're
different um The One is using um VM and
the other one is using open stack that's
that was um that was the reason maybe
that was the reason because they're
different in technology so it is
difficult to synchronize back up and
restore maybe maybe that's the case the
third one there was no DRC or maybe in
the process of building if that's the
case I think it's you know I to me it's
unbelievable you're running a production
system with a backup system uh and this
is like a production system being used
all over Indonesia uh it's
just you know this is kind of the weird
case in my opinion that's that's why you
know um I I talked to some friends and
they also got confused because this is
this is supposed to be like Ani not Ani
right this supposed to have like sorry
this is laziness in my opinion this is
laziness pardon my
language so that was uh the first
question and then the second question
why didn't you uh resume from uh a back
up uh restore so basically you got hit
by ransomware okay now you reinstall
everything and then um restore from
backups now there's another story
apparently backups were not
done in fact many of the VMS or the
institutions they don't have a backup
system so this is uh kind of strange as
a provider of a cloud system you should
have back up you know your client so
that's one thing and the second uh each
individual VMS uh each individual VM
they're supposed to have to have backups
so if I'm running say I I I am an
organization say if
I'm Ministry of uh so such and such and
such I should have back up my own backup
right even though I am I'm running on a
cloud say the cloud by uh pdns or A
Cloud by a us Google Azure or Alibaba or
whatever you I should should have my own
backup yeah because I because that's my
system I have I have to have my backup
so again this is a problem and this is
one of the biggest U lesson learned okay
now this is what uh it gets strange uh
stranger and stranger and stranger kind
of weird weirder and weirder and we on J
on July 2nd on July 2nd uh there was an
a posting here from uh Ministry
communication sorry I need coffee uh
Minister Ministry of communication and
information com info so it's easier to
say it in Bess com info from com info uh
there was a a posting uh that says the
attacker they sent an apology a public
statement apologizing um for for the
attack and they're willing to give give
the uh key or keys back
without any payment you for free
basically they still have you know we
leave a Monero wallet for donation if
you still want to send us money fine
we'll accept them but you don't have to
pay so this is kind of strange usually
uh rans of whereare groups they don't
really care about what they're doing
okay so this is kind of now they said
they're going to give you Keys now the
problem is this first can the key
actually opens the
encryption meaning the key can the key
decrypts what uh what have been done
okay
so friends some people tried this and
they kind of uh created uh an encrypted
version and use uh the key to open it
can you open it yes apparently the key
can open confirm now second
is there a Trojan or another ransomware
or whatever Mal software embedded in
this key uh application key decryption
uh
application ah this is a question and
some people went through and refers
engineered the key and they said no um a
higher
possibility uh there is no Tren or R
someware embedded or malware embedded in
the uh application or key that was given
okay so that's uh the key to open the
hypervisor so if you open the hypervisor
everything is up and normal back to on
the 20th or before that okay so
everything um is supposed to be there
now the VMS uh the VMS on top of this H
this
hypervisor are they also encrypted from
what I understand some of them were
encrypted but using different kind of
keys um maybe not all but some of them
or maybe all I have no idea because uh
right now we're discussing the
hypervisor right okay so what uh what
come info offered is they reinstall
everything they restarted the hypervisor
and they restarted the VMS and it's
supposed to uh install again the VMS uh
after kind of hardening your own VM and
Hyper was Harden okay I'm going to skip
this part okay
now I I don't have a a a timeline uh
this is in the uh in progress I should
have cre created timeline here like from
17 19 20th and so on and so on up to
July 4 up to now I have no idea what's
going on right now um whether they're
running uh running it based on a v
hypervisor or configuration that was
decrypted using the key or whether
they're running it uh using a fresh
install of hypervisor and all these
fresh install of the VMS I don't know
what's going on these days okay now
there's another issue uh that says um
that says um uh the uh the server or the
data uh the National Data Center was
being accessed using a weak passwort uh
this was not true uh this was one of the
VMS yes uh one of the VMS um I think
this one is B
bpkp uh their machine uh was managed by
weak password so that is possible but
only for one VM or one institution not
the whole hypervisor so this was kind of
the the title was missing okay
concluding remarks okay what are the
lessons learn through this process and I
you know I I haven't heard people talk
about this I know uh they have done
forensic um
to you know foric to investigate the
incident I know that the forensic report
or reports are not available for uh
public consumption man that's that's
understandable but lesson learn lesson
learn I think we we have to talk about
lesson learn because this is important
because this is important because
otherwise we're going to get hit the
same thing again now many things are not
clear still to me how the Intruder got
in the first time you know the got in
and then disabled the Windows Defender
and so on and so forth uh uh yeah this
this is uh to me uh one of the biggest
mystery uh we should have learned from
that so that others can learn from our
mistakes because this is expensive so
this is a kind of lessons that are
expensive okay now
um about talcom Sigma um they uh talcom
Sigma uh host
other providers sorry other service
providers not only government
institutions and these are the clients
that other clients are not hit or were
not hit and are not hit by uh ransomware
so so this is not reflecting telom cell
Sigma
uh credibility in my opinion this is my
personal opinion I'm not paid by tcom
Sigma and so on but this is just you
know one of the their clients got hit so
so this is specific to the pdns not to
the uh you know the whole cloud system
so that's that I guess uh it's already
too long I um as this is what I uh you
know I promise earlier okay okay so
that's that uh I have delivered my
promise
uh it's not as good as I want it but I
I'm busy I just got got home last night
so you know it's one of those hectic
days I could not make the uh video
earlier because I was on the road you
know it's what's difficult I don't have
access to my configuration my uh uh disc
is full and so on and so forth and so
work my apology so I guess
uh um this is it I need to uh work now
and go back to my world okay stay safe
stay healthy bye
Посмотреть больше похожих видео
Cybersecurity incident in Indonesia: the PDN(S) incident
FULL Dialog - Mantan Hacker Bicara Soal Data Nasional "Down"
Teknologi Sebenarnya di Balik Peretasan Pusat Data Kominfo (Enkripsi Data)
It's Time to Pay the Ransom
Jawaban Menkominfo terkait Peretasan Data Pusat Data Nasional | Narasi Daily
Incident Investigation: Vacuum Truck Explosion Injures Worker | WorkSafeBC
5.0 / 5 (0 votes)