Hacker collective ‘Sylhet Gang – SG’ claimed responsibility for cyber attacks on two Indian banks — The City Union Bank and Dakshin Bihar Gramin Bank (DBGB).
In an announcement made on Telegram, they detailed their involvement in the City Union Bank DDoS attack and the DBGB cyber attack.
While the DBGB cyber attack and the City Union Bank DDoS attack remain unconfirmed, there is growing speculation that the cyber incidents might have been coordinated jointly, as indicated by Falcon Feeds, a threat intelligence platform.
DBGB Cyber Attack by Sylhet Gang
According to the tweet by the Threat Intelligence platform Falcon Feeds, it appears that the DBGB cyber attack and the City Union Bank DDoS attack involved a coordinated effort of several other cybercriminal groups.
As part of the Operation India Campaign, hacktivists collaborated with the Sylhet Group, with participation from other groups named MTB, Team Insane PK, Team Herox, and Aceh About Hacked World.
These hacktivist organizations disclosed their intended targets during the OpIndia operation.
Leading up to the two-day G20 Summit in India, groups hailing from Indonesia, Pakistan, and various other countries issued warnings of potential cyberattacks. The DBGB Cyber Attack appears to align with the same threat of coordinated cyber assaults.
The series of cyber attacks on India’s digital infrastructure was threatened to be conducted during the two-day G20 Summit in India on September 9 and 10. However, several hacktivist groups along with others from Indonesia, and other regions targeted Indian websites before the G20 Summit India.
Hackers posted Checkhost links on their Telegram messages to check the authenticity of their claims of cyber attacks on Indian banks namely DBGB and City Union Bank.
The Telegram message claiming the City Union Bank cyber attack read that it was the 7th attack leaving possibilities of other websites being targeted.
The attack in question has been identified as DDoS, which stands for Distributed Denial of Service attack. In these attacks, botnets are employed to inundate a website with an overwhelming volume of requests simultaneously.
The outcome of such an attack can vary, ranging from rendering the targeted service or website temporarily inaccessible to causing system outages, depending on the severity of the DDoS attack.
It’s important to note that DDoS attacks typically do not result in unauthorized data access or leaks.
The Cyber Express has reached out to the Indian banks for comments about the claims. We will update this report upon receiving a response. The websites of the named banks were accessible after the alleged DBGB cyber attack and the attack on the City Union Bank.
Taking Down of Hacktivist Infrastructure
It appears that legal agencies have been closely working with social media channels to suspend the accounts of hacktivists.
The Twitter account of a hacktivist group named Jambi Cyber Team was suspended soon after they posted clear ID cards and other details stolen from Indian educational institutions and government websites.
Upon investigation by The Cyber Express team, it was discovered that the Twitter account of GanoSec team had also been suspended.
Furthermore, the accounts of Mysterious team, Team Herox (as mentioned in the DBGB DDoS attack post on Telegram), and Animesec were also suspended.
Hacktivist groups are active also on Telegram with most of them using the platform as a command and control server to exchange communications between them and the targeted systems.
In a recent incident, the hacktivist group Anonymous Sudan threatened to target Telegram with a DDoS attack. This threat was due to the messaging platform banning the main account of Anonymous Sudan.
They wrote, “Message to Telegram: You should look into our main channel, why it was banned.’
A retaliatory action such as this was expected as noted in a tweet by Cyber Know, a Threat Intelligence service. “In no surprise at all, Anonymous Sudan has attempted to take down Telegram….” they wrote on Twitter.
“Its these type of spiteful, vengeful attacks that put doubts on the state-controlled narrative of the group,” Cyber Know further added. This rings true as most hacktivists go on launching cyber attacks in retaliation of other hacktivists and speak about fighting corrupt governments as their mission.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.