Posted on August 4, 2023 at 7:32 AM
Mysterious Team Bangladesh Linked To Multiple DDoS Attacks And Data Breaches In India
Mysterious Team Bangladesh, one of the largest hacktivist groups, has been linked to multiple distributed denial-of-service (DDoS) attacks and 78 website defacements targeting India. The hacker group has been running these DDoS campaigns since June 2022, and they have significantly affected the targeted parties.
Mysterious Team Bangladesh unveils DDoS attacks and data breaches against India
The activities of this hacker group were detailed in a report published by the Group-IB cybersecurity company. The report noted that the hacker group was launching hacking campaigns targeted at governments, logistics entities and financial companies operating in India and Israel.
“The group most frequently attacks logistics, government, and financial sector organizations in India and Israel. The group is primarily driven by religious and political motives,” the report from the security company said.
Besides India, the hacker group's malicious activities also appeared to target other countries such as Australia, Ethiopia, Senegal, Sweden, and the Netherlands. This activity shows that the hacker group has a broad reach and that its campaigns might be aiming for a global scope.
The threat actor also said that it had obtained access to web servers and administrative panels, likely by exploiting known security vulnerabilities or passwords that have not been adequately secured.
The Mysterious Team Bangladesh’s hacking exploits
As the name suggests, the Mysterious Team Bangladesh hacker group is of Bangladeshi origin. The hacker group has been involved in a wide range of hacking activities, with researchers saying that the group appears to have been formed in 2020. However, the Group-IB researchers noted that there is no concrete proof of the hacker group conducting any campaign between 2020 and 2022.
The Facebook page of this hacker group reads that it is working to “protect Our Bangladesh Cyberspace.” Besides being on the Facebook platform, it is also active on Telegram and X (formerly Twitter).
The group also maintains a LinkedIn profile listing “Operation Israel” as an ongoing project. According to the LinkedIn profile page, the project has been going on since June last year. The page also claims that the hacker group supports Palestine amid the tussle with Russia.
The group has accused the Israeli government of killing and torturing Palestinians, adding that it would continue targeting Israel until the conflict with Palestine ends. The group’s activity was only recorded in 2022 despite launching in 2020.
The details about this hacker group conducting malicious campaigns were reported towards the end of 2022. At the time, CloudSEK announced plans made by the threat actor to attack organizations in India. The first attack conducted by the hackers against India happened on June 22, 2022.
In December 2022, the threat actors conducted an attack against India’s Central Board of Higher Education (CBHE) systems. The attack exposed personally identifiable information, including government identification numbers.
The Mysterious Team Bangladesh has also been linked to a wide range of DDoS campaigns against multiple government websites in the UAE. The hacker group has also been launching attacks against government resources and the websites of banks and financial firms.
The company also noted that hacking campaigns have been on the rise globally. The rise might be linked to the ongoing geopolitical conflict that has birthed hacktivist groups. Such groups claim to be conducting hacking campaigns based on their political ideologies.
However, modern-day hacktivist groups operate differently from traditional hacktivist groups. The modern groups are less motivated by ideology and strive to create their own brand and recognition so that they can monetize information resources by selling advertisements.
The findings come as a pro-Russian hacktivist group known as NoName057(16) has recently been associated with a wide range of DDoS attacks targeting websites in Italy and Spain.
The analysis conducted by Radware noted that the NoName057(16) hacktivist group has new features: its admins perform reconnaissance before launching a hacking campaign. The report also said that the hacker group usually investigates the target website to detect the resource-intensive features of a site.
The hackers usually target pages that have a search function or a form where details can be filled in. The group records the variables used in the GET and POST requests for those pages, then crafts web requests in which placeholders are filled with random data, and uses those requests as the attack vector.
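Defenders can look for this pattern in web server access logs. The following is an added example, not taken from the article or from Radware's analysis: it flags clients that send many requests to one page where almost every value of a query parameter is different. The log format, the thresholds, and the sample log lines are assumptions constructed for illustration, and only GET query strings are covered because POST bodies are not present in standard access logs.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Common Log Format request line: client, timestamp, "METHOD target PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3}\b')

def build_sample_log():
    """Constructed sample data (documentation IP ranges, not real traffic)."""
    lines = []
    # An ordinary visitor: a handful of searches, with a repeated term.
    for i, term in enumerate(["shoes", "boots", "shoes", "sale"]):
        lines.append(f'198.51.100.7 - - [04/Aug/2023:07:00:{i:02d} +0000] '
                     f'"GET /search?q={term} HTTP/1.1" 200 5120')
    # One client hitting the search page with a different random-looking value each time.
    for i in range(40):
        token = f"{(i * 2654435761) % 2**32:08x}"
        lines.append(f'203.0.113.9 - - [04/Aug/2023:07:01:{i:02d} +0000] '
                     f'"GET /search?q={token} HTTP/1.1" 200 5120')
    return lines

def find_randomized_floods(lines, min_requests=20, min_unique_ratio=0.9):
    """Return (client, path, parameter) groups with many requests and mostly unique values."""
    stats = defaultdict(lambda: {"count": 0, "values": set()})
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        client, target = match.groups()
        url = urlsplit(target)
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            entry = stats[(client, url.path, name)]
            entry["count"] += 1
            entry["values"].add(value)
    findings = []
    for (client, path, name), entry in stats.items():
        unique = len(entry["values"])
        # High volume plus near-total uniqueness suggests machine-generated filler values.
        if entry["count"] >= min_requests and unique / entry["count"] >= min_unique_ratio:
            findings.append({"client": client, "path": path, "param": name,
                             "requests": entry["count"], "unique_values": unique})
    return sorted(findings, key=lambda f: f["requests"], reverse=True)

SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for finding in find_randomized_floods(SAMPLE_LOG):
        print(finding)
```

Because such campaigns are typically spread over many source addresses, the same counting can be keyed on path and parameter alone to catch the pattern when no single client exceeds the threshold.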