Cyber Incident Victim: Government of India

Date: Sep 2022

Location: India

Summary

A Bangladeshi hacktivist group known as Mysterious Team Bangladesh conducted distributed denial-of-service (DDoS) attacks targeting multiple Indian government websites and servers, including those belonging to several state governments. The attackers employed HTTP flood techniques through tools like 'Raven Storm,' causing service disruptions and increased vulnerability to further compromises. The group, composed primarily of students and recent graduates aged 20-25 from Chittagong, publicly claimed responsibility via social media platforms such as Facebook and Telegram. Their activities demonstrated associations with other hacktivist collectives including Indonesia-based 'Hacktivist of Garuda' and historical affiliations with Bangladeshi hacker organizations. The attacks risked infrastructure collapse, credential exposure, and data loss due to disabled security measures during DDoS incidents.

Description

In late September 2022, a Bangladeshi hacktivist group known as Mysterious Team Bangladesh (MT) launched distributed denial-of-service (DDoS) attacks against multiple Indian government digital assets. The group targeted domains and subdomains belonging to the state governments of Assam, Madhya Pradesh, Uttar Pradesh, Gujarat, Punjab, and Tamil Nadu, along with a web server hosted by the Indian national government. The attacks employed HTTP flood techniques designed to overwhelm target systems with excessive traffic. On September 22 or shortly thereafter, a group member publicly claimed responsibility through social media posts on Facebook and Telegram, announcing the execution of these cyber operations. Cybersecurity researchers from CloudSEK subsequently identified and documented these activities, linking them to MT's coordinated campaign.

The attackers primarily utilized a tool called 'Raven Storm,' commonly adopted by hacktivist collectives for conducting impactful DDoS operations. Mysterious Team Bangladesh consisted of members aged 20-25, predominantly residing in Bangladesh's Chittagong region, with many being active students or recent graduates. Key individuals included co-founder Taskin Ahmmed and associates previously affiliated with hacker organizations such as Elite Force 71, Bangladesh Cyber Anonymous Team, and Taskin Vau. The group maintained operational ties to 'Hacktivist of Garuda,' an Indonesia-based collective, and coordinated through platforms including Facebook, Telegram, and Twitter. Researchers confirmed that such attacks could disable security features during bombardment, potentially collapsing critical online services, exposing infrastructure to follow-on intrusions, and risking data loss or credential compromise. No specific mitigation measures or government responses were detailed in available reports of the incident.
