CyberSecurity SEE

Hacktivist Group Mysterious Team Bangladesh Launches DDoS Rampage

A gang of hacktivists known as “Mysterious Team Bangladesh” has become a significant and growing threat in the cybersecurity world. This group, driven by religious and political motives, has been responsible for over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements in just one year, according to researchers.

Group-IB’s Threat Intelligence Team recently discovered the activities of Mysterious Team Bangladesh. The group has targeted various organizations worldwide, with a particular focus on government, financial, and transportation sectors in India and Israel. However, they have also been active in countries like the Netherlands, Senegal, and the United Arab Emirates.

The origins of Mysterious Team Bangladesh can be traced back to 2020 when it was founded by an individual using the online alias D4RK TSN. However, it wasn’t until June 2022 that the group started its cybercriminal activities in full force. Since then, they have carried out a total of 846 attacks, with 34% directed at India and 18.1% at Israel.

While the group has primarily targeted specific countries, the researchers believe that Mysterious Team Bangladesh will expand its focus in the future. Financial companies and government entities in Europe, as well as other regions in Asia-Pacific and the Middle East, may become their next targets.

According to Group-IB, the group has shown a preference for targeting government resources and the websites of banks and financial organizations. If they cannot find a victim within these sectors, they resort to exploiting domains within the targeted country’s domain zone.

Hacktivist groups like Mysterious Team Bangladesh are often underestimated, but they pose a significant and sophisticated threat. They can disrupt critical systems, potentially leading to substantial financial and reputational losses for the organizations they target.

Mysterious Team Bangladesh has a distinct modus operandi. They begin their attacks based on news events that trigger their theme-based campaigns against specific countries. These campaigns usually last about a week before the group loses interest. However, their main focus remains on India and Israel.

To test a target’s resistance to DDoS attacks, the group usually carries out a short test attack. They frequently exploit vulnerable versions of PHPMyAdmin and WordPress in their malicious activities. This underscores the importance of timely software updates.

While the majority of their attacks have been DDoS-related, Mysterious Team Bangladesh has also defaced websites and gained unauthorized access to web servers and administrative panels. Instead of developing their own malicious tools or malware, the group utilizes various open-source utilities available to anyone.

To defend against DDoS attacks, Group-IB recommends that organizations deploy load balancers to distribute traffic and minimize the impact of such attacks. Configuring firewalls and routers to filter and block suspicious traffic is also crucial. Content delivery networks can help by distributing traffic across a network and thwarting DDoS attacks. Regularly updating web-server backend software is another effective measure to prevent exploitation of known vulnerabilities.

Additionally, organizations can leverage emerging technologies like artificial intelligence and machine learning to assist network security teams in identifying and mitigating DDoS threats.

As Mysterious Team Bangladesh continues to evolve and intensify its activities, it is vital for organizations to remain vigilant and take proactive measures to protect their networks and sensitive information from these hacktivist groups.
