Bangladesh hacktivists target critical infrastructure in India, Israel, and Australia

The Mysterious Team Bangladesh hacktivist gang carried out over 750 DDoS attacks within a year, driven by religious and political motives, a report shows.

Research by the cyber security firm Group-IB shows that the gang is actively targeting critical infrastructure in countries outside Bangladesh. It has already carried out over 750 Distributed Denial of Service (DDoS) attacks and more than 70 website defacements this year.

Mysterious Team Bangladesh was founded by a threat actor with the nickname D4RK TSN in 2020 and is associated with Bangladesh. The motivations behind most of the gang’s attacks are religious and political. The group’s activity peaked in May 2023 when it announced a large-scale campaign against India.

Group-IB report
Source Group-IB

“The threat of hacktivism is often underestimated. Hacktivists frequently target critical infrastructure facilities, telecom companies, financial institutions, and governmental organizations. Unlike ransomware threat actors, hacktivists do not engage in negotiations. Their actions are intended to disrupt critical systems, leading to potentially massive monetary and reputational losses for affected organizations,” say Group-IB’s researchers.

Targeting countries with large-scale attacks

Analysis shows that the main countries targeted by the gang are India, Israel, and Australia. The attackers have recently also launched campaigns against organizations in Senegal, Ethiopia, Sweden, the Netherlands, and other countries.

The hackers mainly attack logistics, government, and financial sector organizations, initiating multi-wave campaigns focused on specific countries rather than individual companies. Hacktivist campaigns often emerge as responses to unfolding global events.

These campaigns typically remain active for around a week. The group then tends to shift its focus away from the targeted nation and return to its usual targets, India and Israel.

The hacktivist group most often exploits vulnerable versions of phpMyAdmin and WordPress and relies on open-source utilities to conduct DDoS and defacement attacks.