A Bangladesh-based hacking group posed threats to Indian firms

March 6, 2023

Our threat researchers at iZOOlogic have recently detected numerous distributed denial-of-service (DDoS) attacks against different banking institutions in India. The series of attacks on Indian firms and news publishers began last February and was carried out by the ‘Team Mysterious Bangladesh’ group.

The initial attacks happened on February 10, when the Team Mysterious Bangladesh group announced on its Twitter page that it had taken an Indian news website offline via a DDoS operation. The gang explained that its attacks against India’s journalists and news publishers were due to the latter’s Islamophobic behaviours and the uncalled-for defacements of Bangladeshi websites.

As March began, more and more Indian firms were struck by Team Mysterious Bangladesh.

Aside from targeting Indian news sites and journalists, the Bangladesh-based hacking group started attacking other Indian firms and organisations, including a coal mining company, a pharmaceutical company, banking institutions, educational institutions, and the armed forces.

The last batch of attacks, according to updates on the group’s Twitter page, took place on March 4, when numerous banking institutions in India were impacted. As of this report, all sites of the affected Indian firms have returned to normal operations.

Team Mysterious Bangladesh is known as a pro-Palestinian group that uses scripts for its DDoS attack operations against companies in targeted countries. The group also launches HTTP flooding attacks using techniques similar to those of the ‘DragonForce Malaysia’ threat group.

Team Mysterious Bangladesh was first spotted active in 2021, and more reports of its previous attack campaigns have been documented since 2022. Some of these notable attacks impacted India’s education sector and government websites.

Experts claim that the group’s predominant attack purpose is hacktivism, which involves breaking into a computer system for a social or political motive.

Since DDoS attacks pose serious threats to affected entities, security experts encourage system admins to conduct vulnerability assessments on web servers, apply updated patches, deploy DDoS protection services, block suspicious IP addresses and geolocations, and fix vulnerable endpoints exposed to exploitation.
