Who is ‘Mysterious Team Bangladesh’, the hacktivist group targeting countries with DDoS attacks

TBS Report
03 August, 2023, 06:00 pm
Last modified: 03 August, 2023, 06:12 pm
Whether the group originates from Bangladesh is still not clear

Most hackers like to be discreet, leaving as few footprints about their origin and identities as possible.

But the so-called "Mysterious Team Bangladesh" – a hacktivist group linked to over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements since June 2022 – is different in this regard.

The group came to the fore following the publication of the Hi-Tech Crime Trends report 2022/2023 by the Singapore-based cyber security firm Group IB.

Whether the group originates from Bangladesh is still not clear.

"The group most frequently attacks logistics, government, and financial sector organisations in India and Israel," Group IB said in a report published on 3 August.

Some of the other targeted countries include Australia, Senegal, the Netherlands, Sweden, and Ethiopia.

Origin

According to Group IB, unlike traditional cybercriminals or nation-state threat actors who try to remain unnoticed, hacktivists aim to draw as much attention to their cause as possible, be it political, religious, or both.

The Mysterious Team Bangladesh appears to be "primarily driven by religious and political motives".

The Group IB report states that Mysterious Team Bangladesh was founded by a threat actor who goes by D4RK TSN, citing the EverybodyWiki page created by a user with the same nickname.

The group has a strong social media presence, including accounts on Facebook, Twitter, Telegram, YouTube, Instagram and LinkedIn.

"We are working to protect Our Bangladesh Cyberspace," the group's Facebook page bio reads. The introduction has given rise to suspicion that it is based in the South Asian country.

The Facebook page was created in 2020. The group claims it was formed that year.

The group's Telegram channel has been active since June 2022 and remains the most comprehensive source of Mysterious Team Bangladesh's past and upcoming attacks, says Group IB.

An analysis of the group's activity in the channel by Group-IB's Threat Intelligence unit "revealed that the members of the group most likely align themselves with Bangladesh".

On 30 August 2022, the group published materials related to the conflict on the border of Myanmar and Bangladesh.

"Later, on 15 December 2022, the group posted a message in celebration of Bangladesh's Victory Day, which further indicates their connection to the country," reads the Group IB report.

Targeting India, Israel, Sweden

Mysterious Team Bangladesh came to the spotlight in late 2022 when CloudSEK revealed the group's plans to attack entities in India.

A December 2022 attack on India's Central Board of Higher Education (CBHE) systems led to the exposure of personally identifiable information such as government identification numbers.

DDoS attacks on several UAE government websites have since been attributed to the group.

The group's very first attack campaign against India, however, took place on 22 June 2022, when it showed an affinity for government resources and the websites of banks and financial organisations.

Since then, the group has launched at least four sub-campaigns aimed at India.

The group's activity reached its peak in May 2023, when it announced a large-scale campaign against India.

The group's LinkedIn profile lists "Operation Israel" as an ongoing project since last year, claiming it supports Palestine, and that the "Israeli government [is] killing and torturing Palestine people".

"We will attack their cyberspace until they stop killing Palestine people," it states.

Recently, it launched a campaign targeting multiple organisations in Sweden, potentially triggered by the incident involving the burning of the Quran, which indicates its strong religious sentiment.

Group IB said, "Based on our findings collected from the group's Telegram channel, we assume that there is a particular pattern in the gang's attacks. The cycle begins with the group noticing a news event, which becomes a trigger for launching a 'thematic' campaign against a specific country. On average, such campaigns do not last longer than a week.

"After that the group typically loses interest in the targeted country and reverts to its typical targets: India and Israel.

"In general, the gang focuses on specific countries rather than individual companies or sectors.

"Based on the group's activity in their Telegram channel, we assume that before the actual attack, the members of Mysterious Team Bangladesh conduct a short-term low impact DDoS attack in order to test the resilience of their targets."

The group shows a preference for targeting government resources and the websites of banks and financial organisations. However, if it is unable to find a victim within these sectors, it tries to exploit domains en masse within the targeted country's domain zone.

Roots in geopolitical conflict

Groups like Mysterious Team Bangladesh are on the rise and their activity is becoming more and more noticeable.

According to Group IB, this rise in hacktivism might be rooted in the recent surge in geopolitical conflicts.

"The renaissance of hacktivism across the globe may have its roots in the ongoing geopolitical conflict, during which hacktivists have carried out multiple campaigns," the company said.

"As can be seen, modern hacktivist groups are less motivated by any ideology but strive to develop their own brand and recognition in order to subsequently monetize their information resources through the sale of advertising."
