A threat actor group named “Team Mysterious Bangladesh” has claimed to have compromised the Indian Central Board of Higher Education (CBHE) systems.
According to a new advisory by cybersecurity experts at CloudSEK, the hackers would have stolen personally identifiable information (PII), including names, Aadhaar numbers, Indian Financial System Codes (IFSC codes) and other details of numerous individuals.
“CloudSEK’s contextual AI digital risk platform [...] discovered a threat actor group named Team Mysterious Bangladesh who claimed to have compromised the CBHE Delhi, India,” the company wrote.
“The group mentioned leaking information about students from 2004 to 2022. The actor shared a snapshot of the data for a student.”
Access to the admin panel of the CBHE Delhi platform would enable any individual to see the results of all students from 2004 to 2022 and even delete or add records, CloudSEK explained.
“Hence, the actors gained unauthorized access to the admin panel, enabling them to compromise the data for CBHE Delhi, India,” the company said. “Additionally, a directory of the domain was compromised by the hacktivist as they defaced it with their names.”
More generally, CloudSEK said the leaked information could be used to gain initial access to the firm’s infrastructure, and commonly used or weak passwords could lead to brute-force attacks. The data could also provide malicious actors with details required to perform sophisticated ransomware attacks, exfiltrate data and maintain persistence.
CloudSEK added that Team Mysterious Bangladesh is known for using several scripts for distributed denial-of-service (DDoS) attacks and an HTTP flooding attack technique similar to DragonForce. Beyond the CBHE attack, the threat actor would have also conducted hacktivism-focused campaigns in Iran.
To defend against threats like this, the company has suggested businesses patch vulnerable and exploitable endpoints and not store unencrypted secrets in .git repositories.
System admins should also monitor for anomalies in user accounts, possibly indicative of account takeovers, as well as cybercrime forums for potential tactics employed by threat actors.
The latest CloudSEK advisory comes roughly two months after Leakbase said someone allegedly hacked the Swachhata Platform in India and stole 16 million user records.