Telegram Takeover

An increasing number of local Telegram users have reported to BruCERT since April this year that their accounts had been hacked or taken over. It is suspected that the number of unreported cases could be much higher. 
•     The user receives a message from Telegram containing a 5-digit login code as a result of the scammer trying to register the user’s phone number.

Organisations Are Encouraged To Urgently Strengthen Cyber Security Posture

Cyber threats are expected to increase globally as a result of the current conflict in Europe. All organizations in Brunei Darussalam are advised to increase awareness and strengthen all critical systems to safeguard data against potential cyber-attacks, such as website defacement, distributed denial of service (DDoS), and ransomware attacks. 


BruCERT recommends that the following immediate actions should be taken. 

S​ystem hardeni​ng

Emergency fix for Exchange Y2K Bug

Microsoft has released an emergency fix for a year 2022 bug that is breaking email delivery on on-premise Microsoft Exchange servers. Email is getting stuck in the queue, and these errors are caused by Microsoft Exchange checking the version of the FIP-FS antivirus scanning engine and attempting to store the date in a signed int32 variable.

FluBot Malware


Malicious text messages are being spammed to mobile users, containing a link which redirects Android users to download FluBot malware. The language and wording of the text message can vary, such as: 
•    You have a voicemail message.
•    Your parcel is out for delivery. Click the link to track your parcel.
•    Someone would like to share a photo album with you.
•    Your Android device is infected with malware. You must install this security update to remove the malware.

Brunei Postal Services Department Phishing Scam


BruCERT has received a report of a phishing scam involving Brunei Postal Services Department. An SMS message which appears to be from "Brunei Post" informs the recipient that their package has been relocated to a post office branch due to unpaid postage fees. The message includes a shortened link that will redirect the user to a fake website where they will be asked to enter their full name and credit card details.