
Bangladeshi hacktivist group targeting Indian Govt websites

A hacktivist group, Mysterious Team Bangladesh (MT), targeting Indian government websites and servers has been discovered by an AI-powered cyber intelligence and threat detection company called CloudSEK.

According to CloudSEK, the group used DDoS (Distributed Denial of Service) attacks against domains and subdomains of several state governments and a web server hosted by the Indian government. Websites belonging to the governments of Assam, Madhya Pradesh, Uttar Pradesh, Gujarat, Punjab and Tamil Nadu were affected.

The attacks came to light on July 12, when a member of Mysterious Team Bangladesh (MT) with the handle “D4RK TSN” published a post on Pastebin claiming to have conducted an HTTP flood DDoS attack on India-based government websites. Similar posts were seen on multiple platforms including Facebook, Pastebin, and Telegram.

One of the co-founders of MT has been identified as Taskin Ahmed. The rest of the group primarily consists of students or recent graduates between the ages of 20 and 25 who previously operated under hacker organisations like Elite Force 71, Bangladesh Cyber Anonymous Team, and Taskin Vau.

They are predominantly motivated by hacktivism and have associations with an Indonesia-based hacktivist group, “Hacktivist of Garuda”. They also have a history of involvement in mass reporting of content across public platforms like YouTube, Facebook, LinkedIn, etc.

Abhinav Pandey, a Cyber Threat Researcher at CloudSEK, said that these groups are more or less part of a bigger circle. This is the second time that such attacks have surfaced, the first being launched by Malaysia-based hacktivist group DragonForce against the Indian government after suspended BJP spokesperson Nupur Sharma’s controversial statement.

“The agenda behind the first series of attacks was probably to instigate violence and publicity as well. The DragonForce had almost declared itself as a ransomware group if it had not been outed,” Pandey added.

CloudSEK concluded that Mysterious Team used the Raven Storm tool for its DDoS attacks. The tool uses multithreading to send multiple packets at the same time in order to take the target server down.

The company also added that such attacks compromise the security and confidentiality of data on websites. Some security features might malfunction, further escalating the site’s vulnerability to cyber-attacks. Damage to website infrastructure might render its services and resources inaccessible to users. Measures to protect against such malicious attacks include blocking unnecessary IP addresses and deploying load balancers and DDoS protection services. Regularly updating software and conducting vulnerability assessments of impacted web servers help identify and bridge the gap in security.

“Through meticulous analysis and profiling of multiple groups, it can be rightly concluded that such hacktivist groups collaborate amongst each other excessively to conduct nefarious attacks, DDoS being the primary one, followed by defacing attacks. Raven Storm has been the most prevalent tool employed, for such impactful DDoS attacks, by such hacktivist groups”, said Pandey.

DDoS can leave websites more vulnerable, as some security features may go offline due to the attack. Damaged infrastructure can cause the collapse of services provided by the website, and websites become vulnerable to further attacks. Other possible consequences are loss of data and compromised credentials.

Pandey also said he believes such attacks are possible in the future and that CloudSEK is taking all required measures to deal with them. CNBCTV18


Copyright © 2024 Communications Today
