A new threat group named ‘Team Mysterious Bangladesh’ revealed that they had attacked the Indian Central Board of Higher Education. Based on reports, the group has impacted the academic institution’s systems.
The hackers may have stolen troves of data that include personally identifiable information such as names, Indian Financial Codes, and Aadhaar numbers, among others.
The threat group’s claims about the attack were backed by their release of information about students from 2004 to 2022. In addition, the adversaries leaked a snapshot of the data for a single student.
Access to the administrative panel of the CBHE Delhi platform would allow any individual to review the results of all students from 2004 to 2022. Moreover, individuals who accessed the panel could add or delete records.
The company disclosed that the actors acquired unauthorised access to the admin panel, which allowed them to take illegal actions, such as harvesting data within the CBHE.
The Team Mysterious Bangladesh group has also defaced the targeted domain.
The entity explained that Team Mysterious Bangladesh also compromised one directory of their domain as they defaced it with their names.
The researchers stated that other actors could use the leaked data from CBHE to obtain initial access to the entity’s infrastructure. The information could also pave the way for malicious groups to execute a brute-force tactic.
The data could also give miscreants the information necessary to run sophisticated ransomware attacks, establish persistence, and exfiltrate data.
Team Mysterious Bangladesh is also notorious for utilising numerous scripts for DDoS attacks and an HTTP overwhelming attack tactic identical to that of the DragonForce group. This threat group has also run several cybercriminal campaigns in Iran aside from the CBHE incident.
The affected company has recommended that other entities patch flawed and exploitable endpoints and avoid storing unencrypted files in GitHub repositories to defend against the same attack that compromised it.
Admins should also monitor for unwanted user account activity that could result in takeovers. Constant monitoring could also prevent retargeting by previous attackers.