Team Mysterious Bangladesh planning another tide of attack over Indian entities

Category: Adversary Intelligence	Industry: Global	Motivation: Hacktivism	Country: India	Source*: B2

Executive Summary

THREAT	IMPACT	MITIGATION
Team Mysterious Bangladesh announces another wave of attack Group compromised multiple Indian entities in the past DDoS & Defacement attacks amongst the most prominent attacks.	Discrepancies for users accessing affected websites and resources. Websites become vulnerable to further attacks. Loss of data, and credentials being compromised.	Conduct vulnerability assessment on the targeted web servers. Deploy Load Balancer and DDoS protection services. Block unnecessary IP addresses and geolocation.

Also Read New DDoS-for-Hire Platform Advertised on Multiple Cybercrime Forums

On 22 September 2022, CloudSEK’s contextual AI digital risk platform XVigil discovered a threat actor group Team Mysterious Bangladesh planning attacks on Indian entities on Telegram.
The group mentioned carrying out the operation under the #OpIndia which was previously employed in the last set of attacks on the Indian government and private entities of India.

DDoS attacks, plausibly employing the Raven-Storm tool are the ones that should be anticipated in addition to defacing and attacks on the web server.

The group previously operated as a different group with its members operating under multiple organizations, including
- Elite Force 71
- Mysterious Team
- Bangladesh Cyber Anonymous Team
- Taskin Vau
The average age of the group’s members is between 20 to 25 years.
Members primarily reside in the Chittagong area of Bangladesh, and either study in college or have recently graduated.
Hacktivism appears to be their predominant motivation.
The group majorly operates and communicates via Facebook, Telegram, Twitter, etc.
The group has a history of reporting content at a mass scale for a takedown, under the false pretense of DMCA (Digital Millennium Copyright Act) or copyright.

Threat Actor Profiling
Active since	May 2021
Reputation	Intermediate
Current Status	Targeting Iran under #opiran & #FreeIran2022 & Myanmar under #OpMyanmar
TTP	Known for using various scripts for DDoS attacks and exploiting the HTTP flooding attack technique, similar to DragonForce. “./404found.my”, a tool previously used by Dragonforce to target Indian government websites, could have been used to conduct the attacks. Additional details and analyses of the tool have been conducted in the TTP report of the DragonForce group.
Rating	B2 (B: Usually reliable, 2: Probably True)

Impact	Mitigation
DDoS can leave websites more vulnerable as some security features may be offline due to the attack. Damaged infrastructure can cause the collapse of services provided by the website. Websites become vulnerable to further attacks. Loss of data, and credentials being compromised. Discrepancies for users accessing affected websites and resources	Conduct vulnerability assessment on the targeted web servers. Install necessary outdated patches. Deploy load balancer and DDoS protection services. Block unnecessary IP addresses and geolocation. Patch vulnerable and exploitable endpoints.