Govt issues alert after 'hacktivist' groups threaten to launch attack on 15 August

The government has asked all public and private organisations to be on alert for possible cyberattacks on 15 August following threats from some hacktivist groups earlier this week.

Warning of possible disruption to IT operations and businesses, the Computer Incident Response Team (BGD e-GOV CIRT) has advised all organisations to take the required precautions to protect their infrastructures.

The hacker groups have been targeting organisations from Pakistan, and Bangladesh, it stated.

In recent research, the team identified several groups with the same motivation. They have been incessantly conducting frequent cyber-attacks against organisations in Bangladesh affecting its operations and businesses.

The hacker groups have been targeting organisations from Pakistan, and Bangladesh. 

The Computer Incident Response Team also identified several groups with the same motivation. They have been incessantly conducting frequent cyber-attacks against organisations in Bangladesh affecting its operations and businesses. 

The groups' primary attack tactics include, Distributed Denial-of-Service (DDoS) attacks, website defacements, compromising the website and using malicious PHP shells as a backdoor to drop payloads.

Top targeted organisation type are gov't and military, law enforcement agencies, banks and non-bank financial institutions, pharmaceuticals, retail and industrial organisations, energy and education sectors. 

Recent notable activities targeting Bangladesh

On 1 August, a hacker group claimed a cyber-attack on Payment Gateway in Bangladesh and Law enforcement and banking organisations.

On 3 July, a hacker group claimed a DDoS attack on Bangladeshi transportation service for 1 hour making the website unavailable for the mentioned time.

On 27 June, a hacker group defaced the website of a Bangladesh government college and shared a web archive supporting their claims.

On 24 June, a hacker group defaced the website of a Bangladesh health organization and shared a web archive supporting their claims.

On 21 June, the group claimed a DDoS attack on the website of Bangladeshi military organisations.

On 20 June, the group claimed to compromise Bangladesh's state-owned investment company, and exfiltrated data of over 100,000 investors and investment applicants. The threat group shared a single screenshot as proof of compromise and planned to release the data after successful exfiltration.

The Computer Incident Response Team has requested all organisations in Bangladesh to take the following measures to ensure their infrastructures' security:

Ensure strict network and user activity monitoring 24/7, especially during non-office hours, and watch out for any indication of data exfiltration.

Ensure implementing load balancer solutions to ensure that no single server is overwhelmed during an attack.

Deploy a Web Application Firewall to analyze incoming HTTP/HTTPS traffic and filter out malicious requests and traffic patterns commonly associated with DDoS attacks.

Ensure vital services such as DNS, NTP as well as network middleboxes are securely configured and are not exposed on the internet.

Validate and sanitize all user input to prevent malicious code injection (e.g., SQL injection, Cross-Site Scripting) that could lead to web defacement.

Perform regular backups of your website's content and database. In the event of defacement, having up-to-date backups enables you to restore your website quickly.

Enforce HTTPS on your website with SSL/TLS encryption. This helps protect data during transmission and prevents attackers from tampering with website content in transit.

Keep all web server software, content management systems (CMS), plugins, and other software components up-to-date with the latest security patches.