[UPDATE: 5 August 2025 – 1:26pm] Cybersecurity Malaysia (CSAM) has responded to our query regarding the incident. Below is their statement:
“CyberSecurity Malaysia is aware of the report by MalaysiaNow, and we are in the midst of releasing an advisory on general best practices to prevent and mitigate data breaches in organisations.
We would like to clarify that this matter involves elements of the National Critical Information Infrastructure (NCII). As such, it falls under the jurisdiction of the National Cyber Security Agency (NACSA), which serves as the lead agency for matters relating to national cybersecurity.
We respectfully recommend that all further enquiries or official requests regarding this incident be directed to NACSA.”
It should be noted that we also reached out to NACSA around the same time, but have yet to receive a response. We’ll keep you posted once the agency has provided more information.
EDIT: NACSA has released a statement regarding the alleged breach. Our follow-up article can be found here.
[Original Story: 4 August 2025 – 7:06pm]
Threat actors have allegedly breached more than a dozen Malaysian government websites and are offering access to the compromised systems for sale on a dark web forum. The post, published over the weekend, lists at least 11 ministries and government agencies affected by the attack, with access to their systems reportedly being sold for US$20,000 (~RM85,500).
Among the entities named are the National Registration Department (JPN), the MyGovernment portal, Radio Televisyen Malaysia (RTM), as well as the ministries of health, defence, foreign affairs, and higher education. The post adds that stolen data includes information on VPN account connections, shell access credentials, network and web databases, subdomains, and local file-sharing details.

According to MalaysiaNow, several screenshots were uploaded as purported proof of access. The group is reportedly accepting payment in Monero cryptocurrency for the data.
In a statement to the publication, an anonymous security expert said the US$20,000 asking price is relatively low. They suggested that the data might not be critical, or that the breach could have been carried out by inexperienced individuals unaware of its true value.

Claims of the attack have not been independently verified, and the actual sensitivity or validity of the leaked data remains uncertain. MalaysiaNow adds that Cybersecurity Malaysia has been notified of this alleged breach.
(Source: MalaysiaNow)