VTA-004454 – Mysterious Team Bangladesh Targeting Government and Financial Institutions to Launch DDoS and Web Defacement Attacks
Researchers have reported that a hacktivist group known as “Mysterious Team Bangladesh” carried out more than 750 DDoS attacks and over 70 website defacements between June 2022 and July 2023. In some cases the group is also believed to have gained access to web servers and administrative panels, presumably by using exploits for widely known vulnerabilities or default passwords for admin accounts.
DDoS stands for Distributed Denial of Service: an attack in which many computers under the attacker’s control flood a network or service with so much malicious traffic that it can no longer operate or communicate normally. The group is assumed to have prioritized victims running outdated and widely deployed software such as phpMyAdmin (SQL database management software) and WordPress (website content management system). It relies on open-source utilities for DDoS and defacement attacks, such as “./404FOUND.MY”, Xerxes, Hulk and the Raven-Storm toolkit, operating at different network layers: Layer 3, Layer 4 and Layer 7.
To conclude, the risk of hacktivism should be mapped and properly mitigated as part of the threat intelligence programs of political, government, and some private sector organizations that may become targets of hacktivists.
Severity:
Medium
Attack Surfaces:
Web Application
Tactics:
Credential Access, Impact
Mitre Engage Tactics:
Detect, Disrupt, Prevent
Techniques:
T1491 – Defacement
T1498 – Network Denial of Service
T1212 – Exploitation for Credential Access
Technical Impact Analysis:
Loss of Accountability, Loss of Availability, Loss of Confidentiality, Loss of Integrity
References:
https://www.group-ib.com/blog/mysterious-team-bangladesh/
SuperPRO’s Threat Countermeasures Procedures:
1. Set up a web application firewall (WAF) with strict security policies to filter and automatically block suspicious traffic.
2. Employ Content Delivery Networks (CDNs) to distribute web content to servers located closer to end-users.
3. Establish a robust patch management process to regularly update the web server software, operating system, and web applications.
4. Enforce SSL/TLS encryption for all data transmitted between the web server and clients.
5. Regularly review server logs to detect suspicious activities and potential security breaches.
6. Consider subscribing to CODERED ASM for external attack surface management to reduce your exposure risk.
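To make countermeasure 5 concrete for the two admin panels this advisory names, here is an added example (not SuperPRO’s or the group’s code) that scans constructed web-server access-log lines for two patterns: a single client exceeding a per-second request rate, as in a Layer 7 flood, and repeated POSTs to WordPress or phpMyAdmin login pages, as in password guessing. The login paths and thresholds are assumptions to tune per deployment.

```python
import re
from collections import Counter

# Fields of the Common/Combined Log Format used here: client IP, timestamp
# (second granularity), request method and path, and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) '
    r'(?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Login endpoints of the panels named in the advisory; the exact paths are an
# assumption about a typical deployment and should match your own URLs.
ADMIN_LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php", "/phpmyadmin/index.php")


def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyse(lines, flood_per_second=20, login_posts=10):
    """Flag IPs that exceed a per-second request rate (flood pattern) or that
    repeatedly POST to admin login pages (password-guessing pattern).
    Status codes are deliberately not used: WordPress answers a failed login
    with 200, so the POST count is the more reliable signal."""
    per_second = Counter()      # (ip, timestamp) -> requests in that second
    login_attempts = Counter()  # ip -> POSTs to admin login pages
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable line; count these separately in production
        per_second[(rec["ip"], rec["ts"])] += 1
        if rec["method"] == "POST" and rec["path"].split("?")[0] in ADMIN_LOGIN_PATHS:
            login_attempts[rec["ip"]] += 1
    flood_ips = {ip for (ip, _), n in per_second.items() if n >= flood_per_second}
    guess_ips = {ip for ip, n in login_attempts.items() if n >= login_posts}
    return {"flood": flood_ips, "login_guessing": guess_ips}


# Constructed sample log (documentation IP ranges): one client issuing 25
# cache-busting GETs within one second, one client POSTing to wp-login.php
# twelve times, and one ordinary visitor.
SAMPLE_LOG = (
    [f'203.0.113.5 - - [10/Jul/2023:10:00:00 +0000] "GET /?r={i} HTTP/1.1" 200 512' for i in range(25)]
    + [f'198.51.100.7 - - [10/Jul/2023:10:00:{i:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 1200' for i in range(12)]
    + ['192.0.2.9 - - [10/Jul/2023:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 4096']
)

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

Flagged IPs are candidates for WAF rate limits or blocks (countermeasure 1), not proof of malice: a shared NAT or a monitoring probe can trip the rate threshold too.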
Contributed by: Mun