
Researchers have spotted a hacktivist group that has emerged as a prolific new threat, using open-source utilities to carry out a spate of more than 750 DDoS attacks and 78 website defacements in a short span.
The group, called “Mysterious Team Bangladesh,” has targeted organizations in countries as diverse as the Netherlands, Senegal, and the United Arab Emirates, but primarily has government, financial, and transportation sector organizations in India and Israel in its crosshairs.
The group was founded in 2020 by a threat actor who goes by the online handle D4RK TSN, and it has a total of 846 attacks under its belt between June 2022 and last month.
The highest share of those attacks, 34%, hit India, followed by 18.1% in Israel; these two nations appear to be Mysterious Team Bangladesh’s top priorities.
The group has diversified its attack geographies and targets in recent months, and it is expected to intensify its focus on financial companies and government entities in Europe and other parts of Asia-Pacific and the Middle East.
An attack cycle begins with the group taking notice of a news event that triggers a theme-based campaign against a specific country; the campaign usually lasts about a week before the group loses interest and returns to its focus on India and Israel.
It most often exploits vulnerable versions of phpMyAdmin and WordPress. More broadly, the group appears to gain access to web servers and administrative panels by using exploits for widely known vulnerabilities or common/default passwords for admin accounts.
Mysterious Team Bangladesh uses various open-source, widely available utilities, including the “./404FOUND.MY” utility, the Raven-Storm toolkit, the penetration-testing tool Xerxes, and the DDoS tool Hulk.
The group leverages these to conduct DDoS attacks at different network layers, Layer 3, Layer 4, and Layer 7, the researchers found. In practice that means it can mount application-layer floods aimed at individual servers as well as DNS-amplification attacks that direct a large volume of traffic toward a victim’s network.
To defend against DDoS attacks, the recommendations are as follows:
- Organizations should deploy load balancers to distribute traffic and minimize the impact of a DDoS attack. They also should configure firewalls and routers to filter and block suspicious traffic.
- Content delivery networks, geographically distributed server groups that cache content close to end users, can also help organizations absorb and spread traffic across a network to thwart a DDoS attack.
- Organizations also should regularly update Web-server backend software so that attackers cannot exploit known vulnerabilities in exposed services.
- Organizations can use emerging AI and ML tools to help network security teams decide faster and more accurately whether traffic is a DDoS threat or a more serious, ongoing attack.
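The Layer 7 side of the attacks described above (HTTP floods from tools such as Hulk) and the recommendation to filter and block suspicious traffic can be made concrete. The following Python script is an added example; it is not code from the original report or from any of the named tools. It parses combined-format web-server access logs, counts requests per source address inside a sliding window, flags sources that exceed a request rate or that hit the same path with many distinct query strings (a cache-busting trait of application-layer flood tools, stated here as an assumption rather than something the report documents), and renders nftables commands that add the offenders to a drop set. The log lines are constructed; the thresholds, the set name `ddos_block` and the 10-minute timeout are assumptions to be tuned per site.

```python
"""Layer-7 flood triage over web-server access logs (added example, constructed data)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" log format. Assumption: the server logs in this format.
# Caveat: behind a CDN or load balancer the client address must be taken from
# X-Forwarded-For instead, or every hit appears to come from the proxy.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


class FloodDetector:
    """Sliding-window request counter per source address.

    Two signals are checked; the default thresholds are assumptions for this
    example and must be tuned to a site's real traffic:
      * request count from one address inside the window (any HTTP flood);
      * number of distinct query strings from one address inside the window,
        a cache-busting pattern of flood tools that randomise parameters so a
        CDN cannot serve the request from cache.
    """

    def __init__(self, window_seconds=10, max_requests=50, max_distinct_queries=20):
        self.window = timedelta(seconds=window_seconds)
        self.max_requests = max_requests
        self.max_distinct_queries = max_distinct_queries
        self.hits = defaultdict(deque)  # ip -> deque of (timestamp, path)
        self.flagged = {}               # ip -> (requests, distinct query strings)

    def observe(self, rec):
        """Feed one parsed record; return True if the source crosses a threshold."""
        ip, ts = rec["ip"], rec["ts"]
        q = self.hits[ip]
        q.append((ts, rec["path"]))
        cutoff = ts - self.window
        while q and q[0][0] < cutoff:   # drop hits that fell out of the window
            q.popleft()
        distinct = len({p.split("?", 1)[1] for _, p in q if "?" in p})
        if len(q) > self.max_requests or distinct > self.max_distinct_queries:
            self.flagged[ip] = (len(q), distinct)
            return True
        return False


def analyze(lines, **thresholds):
    """Run the detector over log lines; return {ip: (requests, distinct_queries)}."""
    det = FloodDetector(**thresholds)
    for line in lines:
        rec = parse_line(line)
        if rec:
            det.observe(rec)
    return det.flagged


def nft_block_commands(ips, table="inet filter", set_name="ddos_block"):
    """Render nftables commands adding each address to a timed drop set.

    Assumes the operator created the set and rule once, for example:
      nft add set inet filter ddos_block '{ type ipv4_addr; flags timeout; }'
      nft add rule inet filter input ip saddr @ddos_block drop
    """
    return [f"nft add element {table} {set_name} '{{ {ip} timeout 10m }}'" for ip in sorted(ips)]


def build_sample_log():
    """Constructed sample: one source replaying a flood with a fresh query string per
    request, one source browsing normally. Addresses are from documentation ranges."""
    ua = "Mozilla/5.0 (X11; Linux x86_64)"
    lines = []
    for i in range(60):  # 6 requests per second for 10 s, each with a new query string
        ts = f"10/Aug/2023:12:00:{i // 6:02d} +0000"
        lines.append(f'203.0.113.7 - - [{ts}] "GET /index.php?{i * 7919:x} HTTP/1.1" 200 4821 "-" "{ua}"')
    for sec, path in ((1, "/index.php"), (4, "/about"), (7, "/contact")):
        ts = f"10/Aug/2023:12:00:{sec:02d} +0000"
        lines.append(f'198.51.100.20 - - [{ts}] "GET {path} HTTP/1.1" 200 1303 "-" "{ua}"')
    lines.sort(key=lambda l: parse_line(l)["ts"])  # interleave as a real log would be
    return lines


if __name__ == "__main__":
    flagged = analyze(build_sample_log())
    for ip, (n, d) in flagged.items():
        print(f"{ip}: {n} requests, {d} distinct query strings in window")
    for cmd in nft_block_commands(flagged):
        print(cmd)
```

The window is per source, so the detector works on an unsorted stream as well; the sort in the sample only makes the constructed log look like a real one. Feeding the emitted commands to nft is the "filter and block" step from the list above; the timeout on the set element means a misfired block expires on its own instead of needing a manual cleanup.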