We're Live Bangla Thursday, May 06, 2021



A malware campaign targeting Bangladeshi critical service websites has been uncovered recently. The Cyber Threat Research team of the Bangladesh Government's e-Government Computer Incident Response Team (BGD e-GOV CIRT) recently observed and identified the ongoing development of attacks and a malware campaign by the well-known threat actor 'KASABLANKA', specifically targeting Bangladeshi infrastructure. The campaign used a type of Remote Access Trojan (RAT). Some of the targeted services/institutions and their spoofed domains are Bangladesh Police (bdpolice.co), Islami Bank (isiamibankbd.com), Govt. Corona Portal (corona-bd.com), bKash (bkashagent.com and bkash.club), Brac Bank (bracbank.info) etc.

Remote Access Trojans (RATs) are a type of malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested programme.

The motive behind these hacking attempts is not purely financial, according to Cisco Talos Intelligence Group, one of the largest commercial threat intelligence gatherers in the world. In an advisory, Warren Mercer, Chris Neal and Vitor Ventura, threat researchers at Cisco Talos, opined that the threat actor's motives behind this campaign are merely to spread their botnets within Bangladesh and possibly to tweak them for espionage, rather than purely to breach accounts for financial gain. The researchers at Cisco Talos also added that this is a "serious threat" and can result in "significant data breach or heavy financial loss".

One such malicious website is corona-bd.com. Through this website, the attackers are trying to lure people interested in vaccination. This phoney website (corona-bd.com/apply) closely resembles the government's official website for the COVID-19 vaccine programme (corona.gov.bd).