Cyber Incident Victim: Business Universal Development Bank

Date: May 2016

Location: Nepal

Summary

A Turkish hacker group known as Bozkurtlar leaked sensitive data from multiple international financial institutions, including Business Universal Development Bank, compromising customer transactions, credentials, and contact information. The bank's breach involved 251 MB of exposed data, part of a broader campaign targeting several banks with varying scales of impact—from smaller datasets to extensive server backups and financial reports. Analysis suggested potential use of SQL injection techniques in the attacks, aligning with prior breaches attributed to the same group, though the bank itself did not publicly confirm the incident's validity or origin.

Description

The incident involving Business Universal Development Bank occurred in mid-May 2016 as part of a broader campaign by the Turkish hacker group Bozkurtlar (Grey Wolves). Between May 12 and 14, the group leaked sensitive data from six international financial institutions, with Business Universal Development Bank appearing in the first wave of breaches alongside Dutch Bangla Bank, The City Bank, Trust Bank, and Sanima Bank. The attackers exfiltrated 251 MB of data from Business Universal Development Bank, comprising customer transaction records, login credentials, and contact information. This initial breach followed earlier compromises of Qatar National Bank and UAE's InvestBank, with Qatar confirming unauthorized access while InvestBank disputed the novelty of its leaked data. The threat actors employed SQL injection techniques across multiple attacks, with security analysts later identifying potential use of the Havij SQL injection tool based on attack patterns and leaked artifacts.

The breach significantly impacted Business Universal Development Bank's data security posture, exposing substantial volumes of sensitive customer financial information. While the bank's specific response wasn't detailed in available reports, the incident formed part of an escalating pattern in which Bozkurtlar subsequently leaked 6.97 GB of data from Commercial Bank of Ceylon, the largest breach in this series, containing PHP application files, financial reports, and complete server backups. Security analysts from BankInfoSecurity confirmed the operational severity through forensic examination of both breach batches, noting the second compromise's exceptional scale involving critical infrastructure backups. The cumulative effect compromised banking operations across multiple jurisdictions, though only Qatar National Bank officially acknowledged system penetration at the time of reporting. No customer protection measures or forensic findings specific to Business Universal Development Bank were disclosed in the examined source material.