Cyber Incident Victim: Indian Central Board of Higher Education
Date: Dec 2022
Location: India
Summary
The threat actor group Team Mysterious Bangladesh compromised systems belonging to India's Central Board of Higher Education (CBHE), exposing personal data including names, Aadhaar numbers, and Indian Financial System Codes (IFSC). The attackers gained unauthorized access to the organization's administrative panel, which let them view and manipulate student records spanning 2004 to 2022 and deface a directory on the CBHE domain. CloudSEK, which reported the breach, assessed that the exposed identifiers could be leveraged for brute-force attacks, ransomware operations, and persistent network infiltration. The group used distributed denial-of-service scripts and HTTP flooding tools consistent with its earlier hacktivist campaigns against other countries. CloudSEK's advisory also pointed to unpatched endpoints and credentials committed in plaintext to .git repositories as the systemic weaknesses behind attacks of this kind.
Description
On or around December 5, 2022, the threat actor group "Team Mysterious Bangladesh" claimed responsibility for compromising systems belonging to the Central Board of Higher Education (CBHE) in Delhi, India. Cybersecurity firm CloudSEK identified the breach through its digital risk platform and reported that the attackers had gained unauthorized access to the CBHE administrative panel. This access allowed the group to view student records spanning 2004 to 2022, including personally identifiable information such as names, Aadhaar numbers, and Indian Financial System Codes (IFSC, the identifiers for bank branches). The actors also demonstrated write access by adding and deleting records within the system. As proof, the group shared a snapshot of student data, and it defaced a directory within the CBHE domain by replacing its content with the group's name, further substantiating the unauthorized access.

The compromised data posed significant risks: CloudSEK assessed that the stolen Aadhaar numbers and financial codes could facilitate brute-force attacks, ransomware operations, or infrastructure infiltration. IFSC codes on their own are public routing identifiers; the exposure lies in their pairing with named students' Aadhaar numbers, which enables targeted fraud and social engineering. The breadth of the records, covering 18 years, indicated a large-scale exposure of student information. Team Mysterious Bangladesh employed techniques consistent with its historical tactics, including distributed denial-of-service (DDoS) scripts and HTTP flooding methods resembling the DragonForce attack framework. CloudSEK noted the group's prior hacktivist activity against Iran, indicating a pattern of targeting educational and governmental entities. While specific defensive measures taken by CBHE were not disclosed, CloudSEK's advisory highlighted unpatched endpoints and credentials committed in plaintext to .git repositories as the systemic weaknesses exploited in such attacks. The incident underscored threats to India's education sector infrastructure and the potential for long-term misuse of exfiltrated student data.
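Two checks a practitioner would want against the weaknesses CloudSEK's advisory names, as an added example that is not part of the original advisory or of any CBHE or CloudSEK code: a scan of a checked-out repository tree, including its .git metadata, for credentials committed in plaintext, and a classifier that decides whether a web server's response for /.git/HEAD is a real git HEAD file (the symptom of an exposed .git directory). The repository contents, hostnames and secret values are constructed for the example and are hypothetical; the regular expressions are a starting set, not a complete secret scanner.

```python
"""Added example: plaintext credentials in a repository tree and exposed .git detection.
All file contents, hostnames and secret values below are constructed and hypothetical."""
import re
import tempfile
from pathlib import Path

# Patterns to start from; extend for the credential shapes your stack actually uses.
SECRET_PATTERNS = {
    # credentials embedded in a remote URL, e.g. https://user:token@host/repo.git
    "url_userinfo": re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I),
    # AWS access key id shape: AKIA followed by 16 upper-case alphanumerics
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # key = value style password assignments in config and .env files
    "password_assignment": re.compile(r"^\s*(?:db_)?pass(?:word)?\s*[=:]\s*\S+", re.I | re.M),
}


def scan_text(text: str) -> list[str]:
    """Return the names of every pattern that matches the given text."""
    return [name for name, rx in SECRET_PATTERNS.items() if rx.search(text)]


def find_committed_secrets(root: str) -> list[tuple[str, str]]:
    """Walk a repository tree, .git included, and return sorted (relative path, pattern) hits."""
    hits = []
    root_path = Path(root)
    for path in root_path.rglob("*"):  # rglob includes dot-directories such as .git
        if not path.is_file():
            continue
        try:
            text = path.read_text(errors="ignore")
        except OSError:
            continue
        rel = path.relative_to(root_path).as_posix()
        hits.extend((rel, name) for name in scan_text(text))
    return sorted(hits)


def is_exposed_git_head(body: str) -> bool:
    """True if an HTTP response body fetched from /.git/HEAD looks like a real git HEAD file.
    A real HEAD is either a symbolic ref line or a bare 40-hex (or 64-hex) commit id;
    an HTML error page or a directory listing matches neither."""
    body = body.strip()
    return bool(
        re.fullmatch(r"ref: refs/[\w./-]+", body)
        or re.fullmatch(r"[0-9a-f]{40}(?:[0-9a-f]{24})?", body)
    )


def build_sample_repo() -> str:
    """Create a constructed sample checkout (hypothetical values) standing in for a real repo."""
    root = tempfile.mkdtemp(prefix="git_secrets_example_")
    files = {
        ".git/HEAD": "ref: refs/heads/main\n",
        ".git/config": (
            '[remote "origin"]\n'
            "\turl = https://deploy:hunter2@git.example.invalid/portal/admin.git\n"
        ),
        "config/.env": (
            "DB_USER=portal\n"
            "DB_PASSWORD=Sup3rS3cret!\n"
            "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        ),
        "README.md": "# Student portal\nNo secrets here.\n",
    }
    for rel, content in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)
    return root


if __name__ == "__main__":
    repo = build_sample_repo()
    for rel, name in find_committed_secrets(repo):
        print(f"{rel}: {name}")
    print("exposed .git/HEAD:", is_exposed_git_head("ref: refs/heads/main\n"))
    print("404 page:", is_exposed_git_head("<html><body>404 Not Found</body></html>"))
```

The tree scan catches the two places credentials most often leak in practice: a remote URL with userinfo written into .git/config, and an .env file that was committed instead of ignored. The HEAD classifier is deliberately strict about the file's shape so that a 200 response serving an error page or a directory listing is not mistaken for an exposed repository; a positive result means an attacker can usually reconstruct the whole history, including any secret ever committed.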
