Team Mysterious Bangladesh Planning Another Wave of Attacks on Indian Entities

Summary

Team Mysterious Bangladesh has announced another wave of attacks. The group has compromised multiple Indian entities in the past. DDoS and defacement attacks are among its most prominent attacks.
 
Category: Adversary Intelligence
Industry: Global
Motivation: Hacktivism
Country: India
Source*: B2

Executive Summary

THREAT
  • Team Mysterious Bangladesh announces another wave of attacks.
  • The group compromised multiple Indian entities in the past.
  • DDoS and defacement attacks are among the most prominent attacks.

IMPACT
  • Discrepancies for users accessing affected websites and resources.
  • Websites become vulnerable to further attacks.
  • Loss of data, and credentials being compromised.

MITIGATION
  • Conduct vulnerability assessment on the targeted web servers.
  • Deploy load balancer and DDoS protection services.
  • Block unnecessary IP addresses and geolocation.

Analysis and Attribution

Information from the Post

  • On 22 September 2022, CloudSEK’s contextual AI digital risk platform XVigil discovered, on Telegram, the threat actor group Team Mysterious Bangladesh planning attacks on Indian entities.
  • The group mentioned carrying out the operation under the hashtag #OpIndia, which was previously used in the last set of attacks on Indian government and private entities.
Snapshot from Team’s Telegram
 
  • DDoS attacks, plausibly employing the Raven-Storm tool, should be anticipated, in addition to defacement and attacks on the web server.

About Mysterious Team Bangladesh

  • The group previously operated as a different group, with its members operating under multiple organizations, including:
    • Elite Force 71
    • Mysterious Team
    • Bangladesh Cyber Anonymous Team
    • Taskin Vau
  • The average age of the group’s members is between 20 and 25 years.
  • Members primarily reside in the Chittagong area of Bangladesh, and either study in college or have recently graduated.
  • Hacktivism appears to be their predominant motivation.
  • The group primarily operates and communicates via Facebook, Telegram, Twitter, etc.
  • The group has a history of mass-reporting content for takedown under the false pretense of DMCA (Digital Millennium Copyright Act) or copyright.

Threat Actor Activity and Rating

Threat Actor Profiling

Active since: May 2021
Reputation: Intermediate
Current Status: Targeting Iran under #opiran & #FreeIran2022 & Myanmar under #OpMyanmar
TTP:
  • Known for using various scripts for DDoS attacks and exploiting the HTTP flooding attack technique, similar to DragonForce.
  • “./404found.my”, a tool previously used by DragonForce to target Indian government websites, could have been used to conduct the attacks.
  • Additional details and analyses of the tool are provided in the TTP report of the DragonForce group.
Rating: B2 (B: Usually reliable, 2: Probably True)

Impact & Mitigation

Impact
  • DDoS can leave websites more vulnerable as some security features may be offline due to the attack.
  • Damaged infrastructure can cause the collapse of services provided by the website.
  • Websites become vulnerable to further attacks.
  • Loss of data, and credentials being compromised.
  • Discrepancies for users accessing affected websites and resources.

Mitigation
  • Conduct vulnerability assessment on the targeted web servers.
  • Install the necessary patches on outdated software.
  • Deploy load balancer and DDoS protection services.
  • Block unnecessary IP addresses and geolocation.
  • Patch vulnerable and exploitable endpoints.
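
A defender-side check for the HTTP flooding technique noted under TTP, as an added example that is not part of the original report: it scans web server access logs (common/combined log format) and reports source IPs whose request count in a sliding window reaches a threshold, as input for the IP-blocking mitigation. The window, threshold, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Start of a common/combined log format line: client IP and [timestamp].
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def flood_sources(lines, window_s=10, threshold=20):
    """Return {ip: peak request count within any window_s-second window}
    for sources whose peak reaches threshold. Both defaults are assumed
    values; tune them against the site's normal traffic. Lines are
    expected in chronological order, as a web server writes them."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> request times still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        try:
            when = datetime.strptime(m.group(2), TS_FMT)
        except ValueError:
            continue
        q = recent[m.group(1)]
        q.append(when)
        while q and when - q[0] >= window:
            q.popleft()  # drop requests that fell out of the window
        peak[m.group(1)] = max(peak[m.group(1)], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def build_sample_log():
    """Constructed sample: 203.0.113.5 sends 30 requests in 3 seconds,
    198.51.100.7 sends 3 requests 10 seconds apart, plus one junk line."""
    base = datetime(2022, 9, 22, 10, 0, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "GET / HTTP/1.1" 200 512 "-" "-"'
    stamp = lambda s: (base + timedelta(seconds=s)).strftime(TS_FMT)
    lines = [row.format("203.0.113.5", stamp(i // 10)) for i in range(30)]
    lines += [row.format("198.51.100.7", stamp(s)) for s in (0, 10, 20)]
    return lines + ["not a log line"]

if __name__ == "__main__":
    for ip, count in flood_sources(build_sample_log()).items():
        print(f"{ip}: {count} requests within 10 s")
```

Sources behind a shared proxy or NAT can exceed the threshold legitimately, so review flagged addresses before adding them to a block list.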

Appendix

Real Life portrait leaked of the administrator of Mysterious Team Bangladesh
 
Groups associated with the administrator of Mysterious Team Bangladesh
 
