Be careful where you log on

A malware campaign using spoof domains of critical Bangladeshi service websites has been uncovered recently.
The Cyber Threat Research team of the government's e-Government Computer Incident Response Team (BGD e-GOV CIRT) recently observed and identified these attacks and a malware campaign by the well-known threat actor "KASABLANKA", specifically targeted at Bangladeshi infrastructure.
The specific campaign utilised a type of Remote Access Trojan (RAT) and spoof domains of government services/institutions like Bangladesh Police (bdpolice.co), Islami Bank (isiamibankbd.com), government coronavirus portal (corona-bd.com), bKash (bkashagent.com and bkash.club) etc.
The hackers are infecting unsuspecting users' devices and collecting data and opening back doors.
The RAT is a unique type of malware programme that includes a back door for administrative control over the target computer. The RATs are usually downloaded invisibly with a user-requested programme.
The motive behind these hacking attempts is not purely financial, according to Cisco Talos Intelligence Group, one of the largest commercial threat intelligence gatherers in the world.
In an advisory, Warren Mercer, Chris Neal and Vitor Ventura, threat researchers at Cisco Talos, opined that the threat actor's motives behind this campaign are merely to spread their botnets within Bangladesh and possibly to tweak them for espionage, rather than purely to breach accounts for financial gain.
Researchers at Cisco Talos also added that this is a "serious threat" and can result in "significant data breach or heavy financial loss".
One such malicious website is corona-bd.com. Through this website, attackers are trying to lure people interested in vaccination. This phoney website (corona-bd.com/apply) is very similar to the government's official website for the Covid-19 vaccination programme.
Contacted, Tarique M Barkatullah, project director of BGD e-GOV CIRT, said the threat still persists.
"We are well aware of it and advised Bangladesh Bank, BTRC and all other relevant bodies to take appropriate measures in this regard."
As malware is spreading in Bangladeshi networks, local offices and institutions need to be cautious about it, he added.