Cyber Incident Victim: Trust Bank
Date: May 2016
Location: Bangladesh
Summary
Trust Bank experienced a data breach involving unauthorized access and leakage of customer transaction records, credentials, and contact information by the Turkish hacker group Bozkurtlar, which exploited SQL injection vulnerabilities. The incident occurred alongside similar attacks against multiple international financial institutions, with leaked data volumes ranging from 96 KB to 251 MB across affected banks. This breach formed part of a broader pattern of cyber intrusions targeting banking systems, including SWIFT-related compromises where attackers manipulated internal banking interfaces to conceal fraudulent transactions. The attackers used tools such as Havij to extract sensitive information, though the bank's specific operational systems or financial losses beyond data exposure were not explicitly detailed in available reports.
Description
In May 2016, the Turkish hacker group Bozkurtlar (Grey Wolves) claimed responsibility for breaching multiple international banks, including Trust Bank, as part of a broader campaign targeting financial institutions. The group leaked approximately 96 KB of data from Trust Bank, which included customer transaction records, credentials, and contact information. This breach occurred alongside attacks on five other banks: Dutch Bangla Bank, The City Bank, Business Universal Development Bank, Sanima Bank, and Commercial Bank of Ceylon. The attackers released the data in two batches, with Trust Bank’s information appearing in the first wave. The leaks followed a pattern similar to the group’s earlier breach of Qatar National Bank, which had been attributed to an SQL injection vulnerability. BankInfoSecurity analyzed the leaked data, noting the involvement of Havij, an SQL injection tool, across all attacks. Trust Bank’s breach was part of a coordinated effort that exposed sensitive financial data across multiple institutions within a short timeframe.

The attackers compromised Trust Bank’s systems by exploiting vulnerabilities in web applications, though the exact initial vector was not explicitly detailed in public reports. The leaked data from Trust Bank represented a subset of a larger campaign that culminated in the theft of 6.97 GB of data from Commercial Bank of Ceylon, including PHP files, financial reports, and server backups. While Qatar National Bank acknowledged its breach, Trust Bank’s public response or confirmation of the incident was not documented in the available sources. The scale of the breaches varied significantly, with Business Universal Development Bank losing 251 MB of data and Sanima Bank 47 MB. The incidents highlighted systemic security weaknesses across regional banks, particularly in safeguarding customer financial information and transaction records. The leaks exposed operational details and heightened concerns about the resilience of banking infrastructure against SQL injection and similar attack methods.
