Since June 2022, 78 website defacements and more than 750 distributed denial-of-service (DDoS) assaults have been attributed to the hacktivist collective Mysterious Team Bangladesh.

According to a report provided to The Hacker News by the Singapore-based cybersecurity company Group-IB, “the group attacks Indian and Israeli organizations in the logistics, government, and financial sectors most frequently.” “Religious and political motivations are the group’s main driving forces.”

Australia, Senegal, the Netherlands, Sweden, and Ethiopia are a few of the other nations that have been singled out for attack.

The threat actor is also reported to have accessed administrative panels and web servers, most likely by taking advantage of known security holes or weak passwords.

As implied by the name, Mysterious Team Bangladesh is thought to be of Bangladeshi origin. The introduction on the group’s Facebook page states, “We are working to protect Our Bangladesh Cyberspace.”

The group is also frequently active on Twitter and Telegram. Its LinkedIn profile, which shows “Operation Israel” as an ongoing effort since June 2022, claims support for Palestine, stating that the “Israeli Government killing & torturing Palestine people’s” and that “we will attack their cyberspace until they stop killing Palestine People’s.”

Information about the threat actor first became public in late 2022, when CloudSEK disclosed the group’s plans to strike Indian companies. The Central Board of Higher Education (CBHE) networks in India were attacked in December 2022, exposing personally identifiable data including government identification numbers. Since then, DDoS attacks on numerous UAE official websites have been blamed on it.

On June 22, 2022, the gang launched its first offensive campaign against India, showing a preference for official websites as well as those of banks and financial institutions.

The company claimed that the ongoing geopolitical turmoil, in which hacktivists have engaged in numerous campaigns, may be to blame for the revival of hacktivism around the world.

As can be observed, contemporary hacktivist groups, rather than being driven by any particular ideology, try to build their own reputation and brand in order to later monetize their information resources through the sale of advertising.

The discoveries come as a new round of disruptive DDoS attacks on Spanish and Italian websites in recent weeks has been associated with a pro-Russian hacktivist organization known as NoName057(16).

In a Wednesday investigation, Radware noted that NoName057(16)’s DDoSia attacks were novel in that the group admins conducted reconnaissance before setting up their attack routes. They look into the target website and find the areas that use the most resources.

“Typical candidates are pages with a search tool or a form to fill out. NoName057(16) creates specific web requests with placeholders for random data to be used as attack vectors after recording all the variables used by GET and POST requests for those pages, including any cookies and potential captcha keys.”
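
One way to spot the request pattern described above in web access logs, as an added example that is not code from the article, Radware or Group-IB: it flags a client that hits the same page many times while one query parameter carries a different value on almost every request. The record format, the thresholds and the name `flag_randomized_floods` are assumptions, and only query-string parameters are inspected.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumed thresholds; tune them against the site's normal traffic.
MIN_REQUESTS = 20        # requests per (client, path) inside the analysed window
MIN_UNIQUE_RATIO = 0.9   # share of distinct values seen for a single parameter


def flag_randomized_floods(records, min_requests=MIN_REQUESTS,
                           min_unique_ratio=MIN_UNIQUE_RATIO):
    """records: iterable of (client_ip, request_target) from one time window.

    Returns a sorted list of (client_ip, path, parameter, requests, unique_ratio)
    for parameters whose values look randomized under heavy repetition.
    """
    counts = defaultdict(int)
    values = defaultdict(lambda: defaultdict(set))
    for ip, target in records:
        parts = urlsplit(target)
        key = (ip, parts.path)
        counts[key] += 1
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            values[key][name].add(value)

    findings = []
    for key, total in counts.items():
        if total < min_requests:
            continue  # too few requests to call it a flood
        for name, seen in values[key].items():
            ratio = len(seen) / total
            # Fixed parameters (e.g. lang=en) have a ratio near 0 and are skipped.
            if ratio >= min_unique_ratio:
                findings.append((key[0], key[1], name, total, round(ratio, 2)))
    return sorted(findings)


def constructed_sample():
    # Constructed records, not real traffic; addresses are documentation ranges.
    flood = [("203.0.113.7", f"/search?q={i:08x}&lang=en") for i in range(40)]
    repeat = [("198.51.100.4", "/search?q=shipping+rates&lang=en")] * 25
    browse = [("198.51.100.9", f"/search?q=term{i}") for i in range(5)]
    return flood + repeat + browse


if __name__ == "__main__":
    for finding in flag_randomized_floods(constructed_sample()):
        print(finding)
```

A finding is a starting point for rate limiting or a challenge on that page, since a busy legitimate user can also issue many distinct searches.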