Date: Apr 2019

Location: Bangladesh

Summary

The Bangladesh Oil, Gas and Mineral Corporation's website experienced repeated defacements by a hacker using the alias "N33LOB33," who claimed the state-owned energy corporation had critically inadequate security. The attacker left contact information on the compromised site, asserting no data was stolen but highlighting extensive vulnerabilities. Communications revealed the hacker offered to remediate the flaws without charge but suggested accepting a bounty if provided, while citing weak defenses as the motivation for the intrusion. The individual also disclosed intentions to target another Bangladeshi institution.


Description

The official website of Bangladesh Oil, Gas and Mineral Corporation (Petrobangla) experienced two separate cyber intrusions within a 24-hour period in April 2019. The initial compromise occurred at 5:00 PM local time on Sunday, rendering the website inaccessible until restoration at 9:30 AM the following Monday. Seven and a half hours after being restored, the website was breached again at 5:00 PM Monday by an individual or group using the alias "N33LOB33." The attackers defaced the site with a message criticizing Petrobangla's security posture, stating "It is not possible to work with such security" and "We are fixing the weakness in your security." They provided a Russian email address ([email protected]) for contact and claimed responsibility for both incidents. No data exfiltration was initially confirmed during these attacks, though the hackers later acknowledged the presence of substantial information on the compromised systems.

Third-party investigators from DataBreaches.net established email communication with the attacker, who identified as "b33." The hacker explicitly denied stealing any organizational data during either breach, but emphasized the website contained "so much much information." Petrobangla made no documented contact with the threat actor through the provided communication channel. When questioned about financial motives, b33 stated a willingness to address security vulnerabilities without charge while simultaneously expressing openness to receiving bounty payments. The attacker cited inadequate security measures as the primary motivation for targeting Petrobangla, characterizing their defenses as "nulled security." During communications, b33 disclosed intentions to subsequently target the Bangladesh armed force medical college, though no timeframe or additional details were provided regarding this declared objective. The repeated breaches highlighted persistent vulnerabilities in Petrobangla's web infrastructure and operational security protocols.
