Team Insane PK claims DDoS Attack on 44 Indian Banking and Finance Websites

CloudSEK’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have conducted a DDoS attack on 44 Indian banking and finance websites. 
Updated on: May 29, 2023
Published on: May 22, 2023

Category: Adversary Intelligence
Industry: Finance & Banking
Motivation: Hacktivism
Country: India
Source: D: Not usually Reliable; 6: Difficult to Say

Executive Summary

  • On 16 May 2023, CloudSEK’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have conducted a DDoS attack on 44 Indian banking and finance websites.
  • The attack was carried out in retaliation for the ongoing cyber warfare between Indian hacktivist teams like team UCC operations, Indian Cyber Force, and CyberXForce, and hacktivist teams belonging to Pakistan and Malaysia.
Snapshot from the group’s Telegram Channel


  • To establish proof of a successful DDoS attack, the actor shared evidence along with the Telegram post, in the form of links to check-host.net.
  • Check-host.net is a web utility that provides real-time information on whether a domain or an IP address is available and responsive when a user tries to reach it.
Check host Snapshot for the Website status

Information from the Post

The Indian Banks and Finance websites targeted by the hacktivist group in this incident are:



  • www.bankwithus.in
  • www.iba.org.in/
  • www.iob.in/
  • www.idbibank.co.in (D)
  • www.unionbankonline.co.in (D)
  • www.netbanking.indianbank.in
  • Centralbank.net.in (D)
  • bankofindia.co.in
  • Unionbankofindia.co.in (D)
  • Bankersdaily.in (D)
  • bankofmaharashtra.in
  • www.employmentbankwb.gov.in
  • Allahabadbank.in (D)
  • Nainitalbank.co.in (D)
  • cosmosbank.in
  • Bankcontact.in (D)
  • Sscbankgk.in (D)
  • www.bankingcareers.in (D)
  • finopaymentbank.in
  • bankerschoice.in
  • Dhanbank.in (D)
  • Allbankcare.in (D)
  • bankura.gov.in
  • Unitedbank.co.in (D)
  • apexbank.in
  • Centralbank.co.in (D)
  • canarabankcsis.in
  • Dohabank.co.in (D)
  • www.ippbonline.com/
  • www.bankofbaroda.in
  • bankexamtips.in
  • buybankpocourse.in
  • Indianbankcreditcard.in (D)
  • bankmantra.in
  • www.indbankguru.in
  • www.bankingfinance.in (D)
  • 99banks.in
  • bankerz.in
  • Bankpower.in (D)
  • www.bankinfosecurity.in
  • bccbank.in


Note: At the time of creating this report, many banks had functioning websites. However, 18 banks were still experiencing website downtime and were unresponsive. (D) in the list above marks a website that was observed to be down.

Threat Actor Activity and Rating

Threat Actor Profiling

Active since: July 2022

Telegram Channel: https://t.me/Team_Insane_pk
Telegram Channel: https://t.me/teaminsanepk
Twitter: https://twitter.com/team_insane_pk

Reputation: Medium

Current Status: Targeting Iran under #OpIran & India under #OpIndia

History

  • Has attacked Indian & Iranian entities with DDoS attacks

  • While the actor’s Telegram was created in October 2022, the actor’s Twitter has been active since July 2022

Rating: D6 (D - Not usually Reliable, 6 - Difficult to Say)

Impact & Mitigation

Impact

  • DDoS can leave websites more vulnerable as some security features may be offline due to the attack.
  • Damaged infrastructure can cause the collapse of services provided by the website.
  • Website downtime or slow loading times can result in lost revenue, damage to reputation, and frustration for users.
  • Users may be unable to access important online services, such as online banking, and more.

Mitigation

  • Deploy load balancers to distribute traffic.
  • Enable rate-limiting mechanisms.
  • Configure firewalls and routers to filter and block traffic.
  • Utilize content delivery networks (CDNs) to distribute traffic.
  • Implement bot-detection technologies and algorithms to identify large-scale web requests from botnets employed by actors to conduct DDoS attacks.
