
Bangladesh's hacktivist group attacks Indian govt websites

CloudSEK has discovered a hacktivist group, Mysterious Team Bangladesh (MT), targeting Indian government websites and servers. Similar to DragonForce, it uses DDoS (Distributed Denial of Service) attacks against domains and sub-domains of several State governments and a web server hosted by the Indian government. Websites belonging to the governments of Assam, Madhya Pradesh, Uttar Pradesh, Gujarat, Punjab and Tamil Nadu were affected.


The incident came to light when a member of MT made a post claiming to have launched an HTTP flood DDoS attack on government websites. Similar posts were seen on multiple platforms including Facebook, Pastebin, and Telegram.

One of the co-founders of MT has been identified as Taskin Ahmmed. The rest of the group primarily consists of students or recent graduates between the ages of 20 and 25 who previously operated under hacker organizations like Elite Force 71, Bangladesh Cyber Anonymous Team, and Taskin Vau. They are predominantly motivated by hacktivism and have associations with an Indonesia-based hacktivist group, "Hacktivist of Garuda". They also have a history of involvement in mass reporting of content across public platforms like YouTube, Facebook, LinkedIn, etc.

CloudSEK concluded that Mysterious Team uses the Raven Storm tool for its DDoS attacks. The tool uses multithreading to send multiple packets at the same time in order to bring the target server down.

Such attacks compromise the security and confidentiality of data on websites. Some security features might malfunction, further escalating the site's vulnerability to cyber attacks. Damage to website infrastructure might render its services and resources inaccessible to users. Measures to protect against such attacks include blocking unnecessary IP addresses and deploying a load balancer and DDoS protection services. Regularly updating software and conducting vulnerability assessments of impacted web servers helps identify and bridge gaps in security.

"Through meticulous analysis and profiling of multiple groups, it can be rightly concluded that such hacktivist groups collaborate amongst each other excessively to conduct nefarious attacks, DDoS being the primary one, followed by defacing attacks. Raven Storm has been the most prevalent tool employed, for such impactful DDoS attacks, by such hacktivist groups," said Abhinav Pandey, Cyber Threat Researcher at CloudSEK.

DDoS can leave websites more vulnerable as some security features may be offline during the attack. Damaged infrastructure can cause the collapse of services provided by the website. Also, websites become vulnerable to further attacks, along with loss of data, and credentials being compromised.

Bizz Buzz