Group-IB’s Threat Intelligence unit has highlighted the activities of a resurgent hacktivist group responsible for over 750 distributed denial of service (DDoS) attacks and 78 website defacements in a year.
The Mysterious Team Bangladesh, founded in 2020 by a threat actor nicknamed D4RK TSN, targets the government, financial, and transportation sectors.
The group’s hacktivist campaigns gained attention in 2022 and peaked in May 2023 when it announced a large-scale campaign against India. Between June 2022 and July 2023, the group executed 846 attacks on various targets.
Group-IB warned that the group will intensify its DDoS attacks in Europe, Asia-Pacific, and the Middle East in 2023, focusing on financial companies and government entities.
Hacktivist group focuses on political and religious causes
Mysterious Team Bangladesh uses open-source utilities to carry out its DDoS attacks. Its arsenal includes third-party tools such as the “./404FOUND.MY” toolkit, Xerxes pen-testing toolkit, and DDoS tools Raven-Storm and Hulk.
Additionally, it conducts “test attacks” before launching full-scale campaigns and exploits phpMyAdmin and WordPress vulnerabilities.
In some cases, the group gained access to web servers and administrative panels, potentially by exploiting known vulnerabilities or by using common or default admin passwords.
Additionally, the hacktivist group collaborates with other hacking gangs and is primarily driven by religious and political motives.
“A prime example is a recent campaign targeting multiple organizations in Sweden, potentially triggered by the incident involving the burning of the Quran,” noted researchers.
Another hacktivist group, Anonymous Sudan, simultaneously attacked Sweden after the Koran-burning incident.
According to Group-IB, the hacktivist group targets “logistics, government, and financial sector organizations in India and Israel.”
Unlike other hacktivist groups, Mysterious Team Bangladesh’s “multi-wave campaigns” focus on specific countries rather than individual companies.
Over a third (34%) of Mysterious Team Bangladesh’s DDoS attacks target India, while nearly a fifth (18.1%) target Israel.
Other DDoS attacks targeted Australia (12.3%), Senegal (10.9%), the Netherlands (8.6%), Sweden (5.3%), Ethiopia (2.6%), and the United Arab Emirates (1.7%).
The hacktivist group has a long-running hacking campaign dubbed “Operation Israel,” which seeks to wage cyber war on the Jewish nation “until they stop killing Palestine people.”
According to its website, it also intends to remove adult and atheist content from social media.
Surprisingly, the Mysterious Team Bangladesh also concentrates its DDoS attacks on India, despite the two countries being close strategic partners. Likely, the longstanding Hindu-Muslim communal tensions in the Indian subcontinent precipitated the group’s cyber attacks on the Hindu-majority nation.
In 2022, Mysterious Team Bangladesh attacked India’s Central Board of Higher Education (CBHE) and leaked personally identifiable information.
However, data exfiltration attacks (access to website databases) are rare (2.6%), as the hacktivist group focuses on DDoS attacks (88.4%) and website defacements (9%).
Resurgence of hacktivism and DDoS attacks with a twist
Geopolitical conflicts like the Russo-Ukraine War catalyze renewed hacktivism, with several DDoS attacks by Russian groups such as Killnet and NoName057(16) already attributed to the conflict.
“The renaissance of hacktivism across the globe may have its roots in the ongoing geopolitical conflict, during which hacktivists have carried out multiple campaigns,” Group-IB stated.
However, none of the active hacktivist groups “has been particularly active, notorious, and highly organized,” according to the researchers.
Group-IB also noted that modern hacktivists are “less motivated by any ideology” but focus on gaining reputation “in order to subsequently monetize their information resources through the sale of advertising.”
The researchers warned that while hacktivist attacks are usually underestimated, they disrupt critical systems and cause massive monetary and reputational losses for affected organizations.