Hacktivist Group Mysterious Team Bangladesh Goes on DDoS Rampage

Published: 23/11/2024   Category: security




The emerging threat has carried out 750 DDoS attacks and 78 website defacements in just one year to support its religious and political motives.



A gang of hacktivists driven by religious and political motives has emerged as a prodigious new threat, using open-source utilities to carry out a spate of more than 750 distributed denial of service (DDoS) attacks and 78 website defacements in only a year's time, researchers have found.
Dubbed Mysterious Team Bangladesh, the group has targeted organizations in geographies as diverse as the Netherlands, Senegal, and the United Arab Emirates, but primarily has in its crosshairs government, financial, and transportation-sector organizations in India and Israel, Group-IB's Threat Intelligence Team revealed in a blog post on Aug. 3.
While the group was founded in 2020 by a threat actor who goes by the online handle D4RK TSN, it didn't begin its cybercriminal activity in earnest until June 2022. However, Mysterious Team Bangladesh wasted no time in making its mark, with a total of 846 attacks under its belt between June 2022 and last month, said the researchers, who have been tracking the group on its Telegram channel.
The highest percentage of those attacks, 34%, occurred in India, followed by 18.1% of attacks in Israel; in fact, these nations appear to be Mysterious Team Bangladesh's top priorities.
However, as the group has diversified its attack geographies and targets in recent months, the researchers expect the group to intensify its focus on financial companies and government entities in Europe, and other parts of Asia-Pacific and the Middle East, in the near future.
The group shows a preference for targeting government resources and the websites of banks and financial organizations, according to the Group-IB post, which is attributed to John Doe. However, if the group is unable to find a victim within these sectors, they try to massively exploit domains within the targeted country's domain zone.
While hacktivist groups often are underestimated, modern versions can and do pose a significant, sophisticated threat that's on par with more financially motivated threat actors, according to Group-IB. However, unlike those actors, hacktivists don't tend to negotiate and, in fact, are intent on disrupting critical systems, potentially leading to significant financial and reputational losses for affected organizations.
A typical attack by Mysterious Team Bangladesh begins with the group taking notice of a news event that triggers a theme-based campaign against a specific country, which usually lasts about a week before the group loses interest. It then goes back to focusing on attacks against India and Israel.
The group likes to test the waters before fully diving into an attack, carrying out a short test attack to check a target's resistance to DDoS attacks. It most often exploits vulnerable versions of PHPMyAdmin and WordPress in its malicious activity.
"The use of PHP may involve PHPMyAdmin; both frameworks are quite common and have a large number of known exploits, which underlines the importance of timely software updates," Doe wrote in the post.
While the bulk of the attacks so far have come in the form of DDoS, the group has also defaced targets' websites and, in some cases, may have gained access to Web servers and administrative panels by using exploits for widely known vulnerabilities or common/default passwords for admin accounts.
Rather than develop its own malicious tools or malware, Mysterious Team Bangladesh uses various open-source, widely available utilities, including the ./404FOUND.MY utility, the Raven-Storm toolkit, penetration-testing tool Xerxes, and DDoS tool Hulk.
The group leverages these to conduct DDoS attacks at different network layers, including Layer 3, Layer 4, and Layer 7, the researchers found. This means it can carry out attacks directed at individual servers as well as DNS-amplification attacks that direct a large volume of traffic toward a victim's network.
Though it's been a popular method of cyberattack for many years, DDoS remains a critical threat to organizations. In fact, a recent study found that organizations are more worried about DDoS than about other types of common cyberattacks because of its immediate potential to impact business.
To defend against DDoS attacks, Group-IB recommended that organizations deploy load balancers to distribute traffic and minimize the impact of DDoS. They also should configure firewalls and routers to filter and block suspicious traffic.
Content delivery networks, or geographically distributed server groups that cache content close to end users, can also help organizations distribute traffic across a network to thwart a DDoS attack. Organizations also should regularly update Web-server backend software to prevent attackers from exploiting known vulnerabilities that may be present on the network.
Finally, organizations can use emerging artificial intelligence (AI) and machine learning (ML) tools to assist network security teams in making more accurate and faster decisions about what constitutes a DDoS threat or is a more concerning, ongoing attack.
