Wednesday, June 19, 2024

Mysterious Team Bangladesh Hackers Launched 750 DDoS Attacks and Hacked 78 Website

The notorious Hacktivists group, Known as Mysterious Team Bangladesh, exploits vulnerable versions of PHPMyAdmin and WordPress.

It conducts DDoS and defacement attacks through open-source utilities and is believed to have carried out over 750 DDoS and 70+ website defacements within a year.

The group has been active since 2020 and targets logistics, government, and financial sector organizations in India and Israel.

The Group-IB Threat Intelligence shared the latest report on Mysterious Team Bangladesh activities.

Detailed analysis:

According to the report, India was the most targeted nation, and the group launched a large-scale campaign against India in May 2023.

It is suspected that the group will expand its operation across Europe and Asia Pacific and the middle east at the end of 2023.

The most common technique utilized by the group to target the victim is DDOS and defacement attacks.

In addition to that, it exploits widely deployed and outdated services, such as PHPMyAdmin and WordPress.

A D4RK TSN threat actor is believed to be behind this group, and multiple active social media pages such as Facebook, Twitter, and Telegram were identified.

The group posted its past and upcoming attacks on their telegram channel which has been active since 2022.

A prime example of a group driven by religious motives is a recent campaign targeting multiple organizations in Sweden, triggered by the incident involving the burning of the Quran.

The percentage of attacks launched by the group is as follows: 88% were DDos,9% were defacement and 2.9% attacks were launched against databases.

In some cases, the group exfiltrated data from the organization and posted it on their Telegram channel.

They have the capability to launch attacks against a large number of targets quickly and assume that it has scripts for the mass exploitation of websites using the same frameworks or server software versions.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Website

Latest articles

Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for...

CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by...

Europol Taken Down 13 Websites Linked to Terrorist Operations

Europol and law enforcement agencies from ten countries have taken down 13 websites linked...

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data.ARM's...

Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...

Hackers Employing New Techniques To Attack Docker API

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine...

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles