On 20th May 2023, CloudSEK’s contextual AI digital risk platform XVigil discovered a post by the hacktivist group “Mysterious Team Bangladesh” claiming to have conducted a DDoS attack on multiple UAE government websites. As proof of a successful attack, the actors shared links to Check-host.net alongside their Telegram post. Check-host.net is a web utility that provides real-time information on whether a domain or an IP address is available and responsive when a user tries to reach it. (Refer to the Appendix for more details)
The group is known to use DDoS attacks to harm reputed organizations and government infrastructure.
‘Anonymous Sudan’ and other notable hacktivist groups targeting the UAE are geographically motivated, driven by political concerns surrounding Sudan's conflict and alleged UAE involvement. The groups exhibit similarities in targeting patterns and geographic focus.
To Note:
Based on past observations, hacktivist groups have been seen repeatedly targeting the same set of government, banking, fintech and similar entities, given their success the first few times. This is largely done to maintain traction for their campaigns and gain publicity.
The websites targeted by the hacktivist group in this incident are:
Ministry of Defence
Official Government Portal
Ministry of Energy & Infrastructure
Ministry of Health & Prevention
These groups do not use sophisticated attacks; they are primarily known to conduct DDoS attacks and to mass scan for exposed sensitive information such as backups and SQL files. By analyzing the activity of the service and the Telegram channel, we discovered the methodologies the group uses to conduct DDoS or DoS attacks, as follows:
After tracking the group for quite some time, we have gained information regarding the new toolset that they have started using. This includes:
The group's activity can be attributed to abuse of the HTTP flooding attack method and to DDoS attacks that use multiple scripts, resembling the TTPs of the DragonForce group.
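For defenders, both behaviours described above (HTTP flooding and mass scanning for exposed backups and SQL files) can be spotted in web server access logs. The following is an added example, not CloudSEK's tooling or code from the original advisory; the Combined Log Format input, the thresholds, the file-extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format prefix: client IP, timestamp, method, path.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')
# Assumed extension list for "backups, SQL files"; tune per environment.
PROBE_RE = re.compile(r'\.(sql|bak|backup|dump|zip|tar|tgz|gz|7z|rar)$', re.I)

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, path = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, path.split("?", 1)[0]   # ignore the query string

def analyze(lines, flood_threshold=100, window_s=10, probe_threshold=5):
    """Return (flood_sources, probe_sources); thresholds are assumptions."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> request times inside the window
    probes = defaultdict(set)     # ip -> distinct backup/SQL-style paths
    flooders = set()
    for line in lines:            # lines are assumed to be in time order
        rec = parse(line)
        if rec is None:
            continue              # skip malformed lines
        ip, when, path = rec
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop requests older than the window
        if len(q) >= flood_threshold:
            flooders.add(ip)
        if PROBE_RE.search(path):
            probes[ip].add(path)
    scanners = {ip for ip, p in probes.items() if len(p) >= probe_threshold}
    return flooders, scanners

def sample_log():
    """Constructed access-log lines using documentation-range addresses."""
    fmt = '{} - - [20/May/2023:10:{:02d}:{:02d} +0000] "GET {} HTTP/1.1" {} 0'
    lines = [fmt.format("198.51.100.7", 0, i // 20, "/", 200) for i in range(120)]
    names = ["/backup.zip", "/db.sql", "/site.tar.gz", "/dump.sql", "/www.bak", "/old.SQL"]
    lines += [fmt.format("203.0.113.9", 1, i, p, 404) for i, p in enumerate(names)]
    lines += [fmt.format("192.0.2.10", 2, 0, "/index.html", 200),
              fmt.format("192.0.2.10", 2, 5, "/files/report.zip?v=1", 200),
              "not a log line"]
    return lines

if __name__ == "__main__":
    print(analyze(sample_log()))
```

Per-source counting only catches floods that come from a small number of addresses; a widely distributed flood needs the same sliding window applied to total requests per site or per URL.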