The Indonesian branch of CNN has fallen victim to a cyberattack orchestrated by the INC Ransom hacking group. The cybercriminals announced the breach on January 28, adding the media company to their list of compromised organizations on their dark web leak site. Although INC Ransom published what they referred to as a “proof package”, the file was inaccessible when an attempt was made to view it.
CNN Indonesia was listed between two other victims, both U.S. educational institutions: Broward College, which INC claimed to have breached the same day, and Lake Highland Preparatory School, which had been mentioned earlier.
As of now, the exact nature of the data stolen or encrypted in the attack against CNN Indonesia remains unknown. Additionally, there has been no disclosed information regarding any ransom demands the group may have issued.
INC Ransom is a relatively new yet aggressive ransomware group first detected in July 2023. Its attacks predominantly target large organizations across the United States, the United Kingdom, and Australia, focusing on critical sectors such as healthcare, education, and government infrastructure. One of the group’s most high-profile claims includes the exfiltration of 4TB of data from Stark Aerospace, a U.S. military contractor specializing in missile system development.
Over the past year, INC Ransom has compromised at least 135 organizations, including:
- Tri-City Medical Center (California)
- San Francisco Ballet
- San Francisco Sheriff’s Department
- Leicester City Government (United Kingdom)
- NHS Dumfries and Galloway (Scotland)
- Xerox Corporation
The group employs a double-extortion strategy—first encrypting a victim’s data, then exfiltrating it, leveraging the threat of public disclosure to escalate ransom negotiations. INC Ransom’s attack vectors include phishing campaigns and exploitation of known vulnerabilities. Notably, the group has been actively abusing the CitrixBleed vulnerability, which has already been implicated in attacks against Change Healthcare, Boeing, ICBC Financial Services, and Australian port operator DP World.
As part of CNN Worldwide’s portfolio, CNN Indonesia broadcasts 24/7 in the Indonesian language, serving as a major news platform in the country. Since its 2014 launch, the network has amassed an audience of over 1.7 million viewers across free and paid services. At the time of writing, CNN Worldwide has not provided any official statements regarding the incident.
In May 2024, a threat actor using the alias “salfetka” advertised the source code for a ransomware strain targeting Windows and Linux/ESXi systems on underground forums, pricing it at $300,000. By September 2024, the Vanilla Tempest hacking group had begun deploying INC Ransom in attacks against U.S. healthcare organizations, further cementing the malware’s role in an expanding ransomware ecosystem.
With INC Ransom continuing to escalate its operations, cybersecurity experts warn that the group’s evolving tactics and aggressive extortion methods pose a significant threat to critical infrastructure worldwide.