This Bangladesh Hacktivist Group Targets Critical Infrastructure – and It Isn’t Trying to Hide

A hacktivist group called “Mysterious Team Bangladesh” carried out over 750 DDoS (Distributed Denial of Service) attacks this year and defaced over 70 websites. According to research performed by cyber security firm Group-IB, the group seems to be driven by political and religious reasons.

“Mysterious Team Bangladesh” was founded in 2020 by a threat actor nicknamed “D4RK TSN”, and it is unclear whether it originates from Bangladesh. Its activity peaked in May of 2023 after it announced a large-scale campaign against India.

Group-IB’s research reads: “The threat of hacktivism is often underestimated. Hacktivists frequently target critical infrastructure facilities, telecom companies, financial institutions, and governmental organizations. Unlike ransomware threat actors, hacktivists do not engage in negotiations. Their actions are intended to disrupt critical systems, leading to potentially massive monetary and reputational losses for affected organizations.”

Unlike traditional cybercriminals or nation-state threat actors who try to remain unnoticed, hacktivists aim to draw as much attention to their cause as possible.

According to Cybernews, the main countries targeted by the group are Israel, India, and Australia, but they have also recently launched attack campaigns against organizations in Senegal, Ethiopia, Sweden, the Netherlands, and other countries.

The group mainly targets logistics, government, and financial sector organizations, launching multi-wave campaigns focused on specific countries rather than on individual companies. These hacktivism campaigns often emerge in response to current global events.

These campaigns are usually active for about a week, after which the group usually shifts its focus away from the targeted nation and returns to its usual targets, Israel and India.

The group usually exploits vulnerable versions of phpMyAdmin and WordPress, and relies on open-source utilities for conducting DDoS and defacement attacks.