Cyber Incident Victim: PT CARE TECHNOLOGIES

Date: Sep 2022

Location: Indonesia

Summary

A cybercriminal group breached PT CARE TECHNOLOGIES, an Indonesian insurance software vendor serving over 60 major insurance and healthcare clients, exfiltrating 2.2 GB of databases containing client and employee information. The attackers claimed that access credentials and software vulnerabilities could extend the breach to client systems using the same software version, though they did not attempt further exploitation, noting that remediation efforts were likely underway after the vendor took servers offline. The group publicly leaked the data, declaring Indonesian personal information economically worthless due to market oversupply, citing plummeting per-record values and lack of buyer interest.

Description

On or around September 22, 2022, the hacker group DESORDEN publicly claimed responsibility for a cyberattack targeting PT CARE TECHNOLOGIES, an Indonesian software vendor providing IT solutions to over 60 major insurance and healthcare companies in Indonesia, including clients such as AIG, Allianz, MNC, and BRI Insurance. DESORDEN announced the breach on a hacking forum, disclosing the theft of 2.2 GB of databases from PT CARE TECHNOLOGIES’ network. The compromised data included client and employee information stored in .csv files, which DESORDEN subsequently leaked in full. The group stated they had acquired client login credentials through the breach and emphasized that PT CARE TECHNOLOGIES’ clients deployed the same vulnerable software version as the vendor. DESORDEN suggested other threat actors could exploit this shared vulnerability to target the vendor’s clients, offering to share technical details of the flaw via private messages. In communications with journalists, DESORDEN clarified they had not directly accessed client systems but asserted that exploiting the vulnerability against clients’ self-hosted software instances would not require additional credentials. They indicated PT CARE TECHNOLOGIES had been notified about the vulnerability, prompting the company to take its servers offline—an action DESORDEN interpreted as evidence of remediation efforts underway.

The breach exposed sensitive client and employee data, though DESORDEN characterized the operation as financially unrewarding due to market oversaturation of Indonesian personal data. They declared Indonesian data “officially worthless,” citing plummeting black-market prices from $0.005 to $0.0002 per record and a lack of buyer interest. DESORDEN attributed this devaluation to rampant data leaks affecting Indonesian entities, which they claimed rendered further attacks on the region economically unjustified. While PT CARE TECHNOLOGIES’ server takedown suggested incident response activities, no explicit details regarding client notifications, vulnerability patching timelines, or forensic investigations were disclosed in available sources. The incident highlighted systemic risks posed by centralized software vendors serving multiple high-profile clients, particularly when shared infrastructure vulnerabilities could propagate across customer environments. DESORDEN’s public dismissal of Indonesian data’s market value raised questions about whether reduced profitability would deter future attacks against entities in the region.
