Multiple Indian Entities Targeted by the Khalifah Cyber Crew Under the #OpsBantaiKaw2 Campaign
December 2, 2022
D: Not usually reliable
4: Doubtfully True
Hacktivist groups motivate individuals to target Indian entities through data leaks or DDoS attacks.
Leaked PII such as PAN cards, addresses, and phone numbers of Indians has also been discovered on the Telegram channel.
Threat actors can bring down websites with DoS and DDoS attacks, thereby affecting business continuity.
Threat actors could orchestrate social engineering schemes, phishing attacks, and even identity theft.
Analysis and Attribution
Information from the Post
CloudSEK’s contextual AI digital risk platform XVigil discovered a tweet by the threat group “Khalifah Cyber Crew” announcing a new campaign “OpsBantaiKaw2” for targeting Indian websites.
The threat actors mentioned in their Telegram group that the motivation behind the attack was “discrimination and cruelty of the Indian monarchy towards our Muslim brothers” and “news about the prohibition of wearing the hijab for Indian Muslim women”.
CloudSEK researchers found that most of the data the hacktivist group claimed to have “hacked” under this campaign was publicly available.
Analysis from Telegram
In the first post, the group listed the following targets to launch DDoS attacks:
The industrykart[.]com website was later observed to be down, according to their post.
Based on the posts in Malaysian and Indonesian timezones, it can be inferred that both Malaysian and Indonesian actors were involved in this campaign.
Another post from the actors falsely claimed to have obtained data about Indian NGOs from a “gov.in” website. However, our researchers identified the data to be publicly accessible on the website of the National Trust of India.
The researchers discovered that the other posts advertised as “leaks” all contained publicly accessible data.
The forwarded information also included PAN cards of Indian citizens from a Telegram group called “SBCC Learning”.