Team Mysterious Bangladesh planning another wave of attacks on Indian entities
Team Mysterious Bangladesh announces another wave of attacks. The group compromised multiple Indian entities in the past. DDoS and defacement attacks are amongst the most prominent attacks.
Updated on: June 8, 2023
Published on: October 23, 2022
IMPACT
Discrepancies for users accessing affected websites and resources.
Websites become vulnerable to further attacks.
Loss of data, and credentials being compromised.
MITIGATION
Conduct vulnerability assessment on the targeted web servers.
Deploy Load Balancer and DDoS protection services.
Block unnecessary IP addresses and geolocation.
Analysis and Attribution
Information from the Post
On 22 September 2022, CloudSEK’s contextual AI digital risk platform XVigil discovered, on Telegram, a threat actor group named Team Mysterious Bangladesh planning attacks on Indian entities.
The group mentioned carrying out the operation under the hashtag #OpIndia, which was previously used in the last set of attacks on Indian government and private entities.
Snapshot from Team’s Telegram
DDoS attacks, plausibly employing the Raven-Storm tool, should be anticipated, in addition to defacement and attacks on the web server.
About Mysterious Team Bangladesh
The group previously operated as a different group, with its members operating under multiple organizations, including:
Elite Force 71
Mysterious Team
Bangladesh Cyber Anonymous Team
Taskin Vau
The average age of the group’s members is between 20 and 25 years.
Members primarily reside in the Chittagong area of Bangladesh, and either study in college or have recently graduated.
Hacktivism appears to be their predominant motivation.
The group mainly operates and communicates via Facebook, Telegram, Twitter, etc.
The group has a history of mass-reporting content for takedown under the false pretense of DMCA (Digital Millennium Copyright Act) or copyright claims.
Threat Actor Activity and Rating
Threat Actor Profiling
Active since: May 2021
Reputation: Intermediate
Current Status: Targeting Iran under #opiran & #FreeIran2022 & Myanmar under #OpMyanmar
TTP:
Known for using various scripts for DDoS attacks and exploiting the HTTP flooding attack technique, similar to DragonForce.
“./404found.my”, a tool previously used by DragonForce to target Indian government websites, could have been used to conduct the attacks.
Additional details and analysis of the tool are provided in the TTP report of the DragonForce group.
Rating: B2 (B: Usually reliable, 2: Probably True)
Impact & Mitigation
Impact
DDoS can leave websites more vulnerable as some security features may be offline due to the attack.
Damaged infrastructure can cause the collapse of services provided by the website.
Websites become vulnerable to further attacks.
Loss of data, and credentials being compromised.
Discrepancies for users accessing affected websites and resources.
Mitigation
Conduct vulnerability assessment on the targeted web servers.
Apply the necessary patches to outdated software.
Deploy load balancer and DDoS protection services.
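To support the mitigations above against the HTTP flooding technique noted under TTP, the following added example (not part of CloudSEK's report) scans web server access logs for clients whose request rate spikes inside a short sliding window. The common/combined log format, the 10-second window, the 20-request threshold and the sample log lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed input: common/combined access log format,
#   ip - - [22/Sep/2022:10:00:00 +0000] "GET /path HTTP/1.1" 200 512
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_flood_sources(lines, window_s=10, max_requests=20):
    """Return {ip: peak request count inside any window_s-second span}
    for clients whose peak exceeds max_requests. Both thresholds are
    assumptions; tune them against the site's normal traffic."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        try:
            ts = datetime.strptime(m.group(2), TS_FMT)
        except ValueError:
            continue
        q = recent[m.group(1)]
        q.append(ts)
        while ts - q[0] >= window:  # drop requests older than the window
            q.popleft()
        peak[m.group(1)] = max(peak[m.group(1)], len(q))
    return {ip: n for ip, n in peak.items() if n > max_requests}

def sample_log():
    """Constructed sample: one flooding client, one normal client."""
    fmt = '{} - - [22/Sep/2022:10:00:{:02d} +0000] "GET /?q={} HTTP/1.1" 200 512'
    lines = [fmt.format("203.0.113.7", i // 10, i) for i in range(60)]
    lines += [fmt.format("198.51.100.20", s, "home") for s in range(0, 60, 5)]
    lines.append("truncated or malformed line")
    return lines

if __name__ == "__main__":
    for ip, n in find_flood_sources(sample_log()).items():
        print(f"{ip}: {n} requests within 10 s, candidate for rate limiting")
```

Per-client counting only surfaces floods that come from a small set of sources; a flood spread across many addresses stays under the per-IP threshold and needs the upstream load balancing and DDoS protection listed in the mitigations.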