
Cyber attacks hit over 200 organizations including Bangladesh Bank, BTRC

  • Published at 05:58 pm April 2nd, 2021
File Photo: Silhouettes of laptop users are seen next to a screen projection of binary code in this picture illustration taken March 28, 2018 Reuters

Govt’s cyber threat report asks organizations to check vulnerability and take measures

A hacker group called ‘Hafnium’ has launched attacks on more than 200 organizations in Bangladesh, including Bangladesh Telecommunication Regulatory Commission (BTRC), Bangladesh Bank, commercial banks, and internet service providers.

BGD e-GOV CIRT, the e-Government Computer Incident Response Team, and Bangladesh Computer Council (BCC) reported the attacks in a cyber threat report on Thursday night.

The report said the hacker group made the attacks last month.

“We were just trying to see global attacks but then through research we found that it has also attacked us. Later, we uploaded the recovery system on our website,” Tarique M Barkatullah, director, BCC and project director, BGD e-Gov CIRT, told Dhaka Tribune. 

He said: “A malware is inserted through Microsoft Exchange Server. Although no money has been stolen yet, information has been leaked, which creates a fear of huge financial loss or stealing of money in future.”

However, companies can recover themselves from this attack by using the Hafnium exploit file, he added.

Hafnium

According to the Bangladesh Computer Council (BCC), the threat actor behind the malware is known as “Hafnium”. Several other hacker groups have also been observed exploiting vulnerabilities in Microsoft Exchange Server.

Hafnium is a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.

Microsoft also posted an alert about this attack on its website on Friday.

The alert said Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. 

In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers, which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments.

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to Hafnium.




The BGD e-GOV CIRT has asked a number of state-owned and private organizations to scan their mail servers to see whether any malware has been injected into their systems, and to assume that they have been compromised if such malware is found.

Hafnium has carried out such attacks on around 100,000 companies across the globe.

Hafnium primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs. 

This group has overlaps in tactics and technique with other Chinese hacker groups. If we establish an exact match with another known group, we will supplement it with this profile, said BCC.

It also attacked Germany, Canada, France, Belgium, Italy, Hong Kong, South Korea, Turkey, United Arab Emirates and Israel, among others.

Their targeted industries or sectors are banking and finance, government-local healthcare, law and law enforcement agencies, defense, heavy industries and engineering, aerospace, science-and-education: universities and colleges, energy & power and non-profit.

On March 15, Chile's bank regulator was compromised through ProxyLogon vulnerabilities in Microsoft Exchange Server, according to Comisión para el Mercado Financiero (CMF).

Measures to protect 

Some Bangladeshi organizations running Microsoft Exchange Server have also been compromised by the cyber attacks, said BGD e-GOV CIRT in an advisory.

BGD e-GOV CIRT said all organizations are requested to take measures such as running newly developed tools, Microsoft’s “Test-ProxyLogon.ps1” script and the Safety Scanner “MSERT”, to investigate whether their Microsoft Exchange Servers have been compromised.

They are also asked to maintain up-to-date antivirus signatures and engines, keep operating system patches up to date, and disable file and printer sharing services.

“If these services are required, use strong passwords or active directory authentication. Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required. Enforce a strong password policy and implement regular password changes,” said the advisory.

“Exercise caution when opening email attachments even if the attachment is expected and the sender appears to be known. Report or inform BGD e-GOV CIRT regarding any incident or issues to work in collaborative fashion through https://www.cirt.gov.bd/incident-reporting/,” it added.
