Category: Adversary Intelligence
Industry: Global
Motivation: Hacktivism
Country: India
Source*: B2
Executive Summary
THREAT
- Team Mysterious Bangladesh announces another wave of attacks
- The group has compromised multiple Indian entities in the past
- DDoS and defacement attacks are among the group's most prominent activities.
IMPACT
- Service disruption for users accessing affected websites and resources.
- Websites become vulnerable to further attacks.
- Loss of data and compromised credentials.
MITIGATION
- Conduct a vulnerability assessment of the targeted web servers.
- Deploy a load balancer and DDoS protection services.
- Block unnecessary IP address ranges and geolocations.
Analysis and Attribution
Information from the Post
- On 22 September 2022, CloudSEK's contextual AI digital risk platform XVigil discovered the threat actor group Team Mysterious Bangladesh planning attacks on Indian entities via Telegram.
- The group stated that it would carry out the operation under #OpIndia, the same hashtag used in its previous set of attacks on Indian government and private entities.
- DDoS attacks, plausibly using the Raven-Storm tool, should be anticipated, in addition to defacements and other attacks on web servers.
About Mysterious Team Bangladesh
The group previously operated under a different identity, with its members active in multiple organizations, including
- Elite Force 71
- Mysterious Team
- Bangladesh Cyber Anonymous Team
- Taskin Vau
- The average age of the group's members is between 20 and 25 years.
- Members primarily reside in the Chittagong area of Bangladesh and are either in college or recently graduated.
- Hacktivism appears to be their predominant motivation.
- The group primarily operates and communicates via Facebook, Telegram, Twitter, etc.
- The group has a history of mass-reporting content for takedown under false DMCA (Digital Millennium Copyright Act) or copyright claims.
Impact & Mitigation
Impact
- DDoS can leave websites more vulnerable, as some security features may be offline during the attack.
- Damaged infrastructure can cause the collapse of services provided by the website.
- Websites become vulnerable to further attacks.
- Loss of data and compromised credentials.
- Service disruption for users accessing affected websites and resources.
Mitigation
- Conduct a vulnerability assessment of the targeted web servers.
- Install missing patches on outdated software.
- Deploy a load balancer and DDoS protection services.
- Block unnecessary IP address ranges and geolocations.
- Patch vulnerable and exploitable endpoints.