Category: Adversary Intelligence
Industry: Global
Motivation: Hacktivism
Country: India
Source*: B2
Executive Summary
THREAT
- Team Mysterious Bangladesh announces another wave of attacks.
- The group has compromised multiple Indian entities in the past.
- DDoS and defacement are among the most prominent attacks.
IMPACT
- Discrepancies for users accessing affected websites and resources.
- Websites become vulnerable to further attacks.
- Loss of data and compromise of credentials.
MITIGATION
- Conduct vulnerability assessment on the targeted web servers.
- Deploy load balancer and DDoS protection services.
- Block unnecessary IP addresses and geolocations.
Analysis and Attribution
Information from the Post
- On 22 September 2022, CloudSEK’s contextual AI digital risk platform XVigil discovered the threat actor group Team Mysterious Bangladesh planning attacks on Indian entities, in a post on Telegram.
- The group mentioned carrying out the operation under the hashtag #OpIndia, which was previously used in the last set of attacks on Indian government and private entities.
[Figure: Snapshot from Team’s Telegram]
- DDoS attacks, plausibly employing the Raven-Storm tool, should be anticipated in addition to defacement and attacks on the web server.
About Mysterious Team Bangladesh
- The group previously operated as a different group, with its members active under multiple organizations, including:
  - Elite Force 71
  - Mysterious Team
  - Bangladesh Cyber Anonymous Team
  - Taskin Vau
- The average age of the group’s members is between 20 and 25 years.
- Members primarily reside in the Chittagong area of Bangladesh, and either study in college or have recently graduated.
- Hacktivism appears to be their predominant motivation.
- The group primarily operates and communicates via Facebook, Telegram, Twitter, etc.
- The group has a history of mass-reporting content for takedown under the false pretense of DMCA (Digital Millennium Copyright Act) or copyright claims.
Threat Actor Activity and Rating
Threat Actor Profiling
Active since: May 2021
Reputation: Intermediate
Current Status: Targeting Iran under #opiran and #FreeIran2022, and Myanmar under #OpMyanmar
TTP:
- Known for using various scripts for DDoS attacks and for using the HTTP flooding attack technique, similar to DragonForce.
- “./404found.my”, a tool previously used by DragonForce to target Indian government websites, could have been used to conduct the attacks.
- Additional details and analysis of the tool are available in the TTP report of the DragonForce group.
Rating: B2 (B: Usually reliable, 2: Probably True)
Impact & Mitigation
Impact
- DDoS can leave websites more vulnerable, as some security features may be offline due to the attack.
- Damaged infrastructure can cause the collapse of services provided by the website.
- Websites become vulnerable to further attacks.
- Loss of data and compromise of credentials.
- Discrepancies for users accessing affected websites and resources.
Mitigation
- Conduct vulnerability assessment on the targeted web servers.
- Install necessary patches that are outstanding.
- Deploy load balancer and DDoS protection services.
- Block unnecessary IP addresses and geolocations.
- Patch vulnerable and exploitable endpoints.
Appendix
[Figure: Real-life portrait leaked of the administrator of Mysterious Team Bangladesh]
[Figure: Groups associated with the administrator of Mysterious Team Bangladesh]