
Cyber Incident Victim: Sanima Bank Limited

Date: May 2016

Location: Nepal

Summary

Sanima Bank was compromised as part of a broader campaign by the Turkish hacker group Bozkurtlar (Grey Wolves), which leaked approximately 47 MB of sensitive data including customer transactions, credentials, and contact information. The breach occurred alongside attacks on multiple other financial institutions, with evidence suggesting SQL injection vulnerabilities were exploited using the Hajiv tool, leading to unauthorized access and exposure of internal records such as financial reports and server backups across the targeted entities.


Description

The Sanima Bank data breach occurred in May 2016 as part of a coordinated campaign by the Turkish hacker collective Bozkurtlar (Grey Wolves), which targeted multiple international financial institutions. Between May 10 and 14, the group leaked stolen data from six banks across different countries, with Sanima Bank among the first five victims announced. The attackers exfiltrated 47 MB of sensitive information from Sanima Bank, including customer transaction records, login credentials, and personal contact details. This breach followed the group's earlier compromise of Qatar National Bank and UAE's InvestBank, establishing a pattern of attacks against Middle Eastern and South Asian financial institutions. The leaked Sanima data appeared alongside information from Dutch Bangla Bank (312 KB), The City Bank (11.2 MB), Trust Bank (96 KB), and Business Universal Development Bank (251 MB) in the initial disclosure wave. While Qatar National Bank acknowledged its breach, Sanima Bank's official response was not documented in available reports.


BankInfoSecurity's analysis of the breach campaign revealed technical indicators suggesting the attackers employed Hajiv, an SQL injection tool, across all compromises. The scale of data theft varied significantly between targets, with Sanima's 47 MB breach dwarfed by the subsequent 6.97 GB leak from Commercial Bank of Ceylon in the second wave. This later breach contained more extensive infrastructure data including PHP files, financial reports, and server backups. The attackers' methodology appeared consistent across incidents, exploiting SQL injection vulnerabilities to access banking systems. No remediation efforts or containment actions by Sanima Bank were specifically reported, unlike InvestBank's claim that their leaked data originated from a prior unrelated breach. The incident exposed sensitive customer financial information but didn't include reports of immediate financial fraud or system disruption.
