
CNN Indonesia, the nationwide broadcast and online news network, was claimed by the notorious INC Ransom group.
Part of the CNN Worldwide portfolio, the 24-hour Indonesian language news station was listed by the gang sometime on Tuesday.
Based in South Jakarta, the national and international news outlet serves more than 1.7 million free and pay-to-watch viewers in the Southeast Asian nation.
The ransomware group posted little about its claim, except for its signature ‘proof pack,’ which was not loading properly when Cybernews visited its dark leak site.
The CNN Indonesia listing was also sandwiched between two other purported ransomware victims, both from the US education sector and located in Florida state: Broward College, which INC also claimed on Tuesday, and the Lake Highland Preparatory School listed by the group on Monday.

Additionally, no information was provided about the type or amount of data INC allegedly was able to access and exfiltrate from CNN Indonesia or the other two alleged victims.
First launched a decade ago, CNN Indonesia is a strategic partnership between CNN's founding company Turner Broadcasting System (now Warner Bros. Discovery), and Trans Media Corpora PT, an Indonesian TV broadcast conglomerate.
Cybernews has reached out to CNN Worldwide for comment but has not heard back at the time of publishing this report.
Who is INC Ransom?
The INC Ransom group was first noted by security researchers in July 2023. The group, of unknown origin, is known to target corporate organizations primarily in the US, UK, and Australia, including in the healthcare, education, and government sectors.
Just last week, INC claimed to have stolen 4 TB of sensitive information from US Military and Department of Defense contractor Stark Aerospace, a missile systems and aerial weapons manufacturer.
According to the Cybernews Ransomlooker tool, INC Ransom claims to have victimized at least 135 organizations over the last 12 months, including Califonia's Tri-City Medical Center last month, the San Francisco Ballet, the San Francisco Sheriff's Department, the City of Leicester in England, the NHS Dumfries and Galloway Health Board of Scotland, and the Xerox Corporation in December 2023.

The gang, often using spear phishing attacks to compromise its victims, is considered a multi-extortion operation – which means it not only encrypts and steals its target’s data but then threatens to publish it online if the victim doesn’t pay up.
The group is also said to target its victims by exploiting known security vulnerabilities, taking part in the mass exploitation of the infamous Citrix NetScaler zero-day vulnerability discovered by threat researchers in July 2023, according to a profile by Sentinel One.
Referred to as the “Citrix Bleed,” the security flaw led to dozens of malicious attacks on big-name organizations – including UnitedHealth Group’s Change Healthcare, The Boeing Company, ICBC Financial Services, and Australian port operator DP World – although most breaches were believed to have been carried out by the Russian-linked LockBit ransomware group.
Your email address will not be published. Required fields are markedmarked