Cyber Threat Actor: Bjorka
| Actor Type | Location | Known Incidents |
Hacker
|
Russia
|
3 incidents |
|---|
Profile
Bjorka is a threat actor known by that alias and has been linked to a series of data breaches affecting Indonesian government and telecommunications entities. The actor’s location is reported as Russia, though no further personal details are publicly available. Bjorka’s activities have focused on Indonesia, targeting institutions such as the Immigration Directorate General, the General Elections Commission, and the state‑owned telecommunications provider PT Telkom Indonesia. The primary objective observed in these incidents is financial gain, as the stolen datasets were offered for sale on underground forums with explicit price tags attached to the data.
In one notable campaign, Bjorka announced the leak of approximately 105 million Indonesian citizens’ personal information, allegedly sourced from the General Elections Commission, and offered the 20 GB dataset for $5,000 on BreachForums. Another significant operation involved the compromise of IndiHome subscribers, where browsing history data—including dates, passwords, domains, platforms, browsers, and specific URLs—of over 26 million users was exposed and posted on illicit websites. A third incident saw the breach of Indonesia’s Immigration Directorate General, resulting in the exposure of passport details for more than 34 million individuals, which was also advertised for sale. These operations demonstrate a pattern of acquiring large volumes of personally identifiable information and monetizing it through illicit markets.
Publicly available sources do not specify any malware families, initial access vectors, or particular tooling employed by Bjorka, so no technical TTPs can be confirmed from the provided material. Likewise, there is no explicit evidence linking the actor to a state sponsor or a criminal consortium beyond the reported Russian location. Consequently, the profile is limited to the observed targeting of Indonesian sectors, the financially motivated sale of stolen data, and the three representative breaches outlined above.
