-
Hackers claimed they targeted a Bangladesh government website with a defacement attack in a recent dark web post.
-
The threat actor group Lei$ claimed responsibility for the attack, with a message ‘#PUNISH THE INJUSTICE#” on the defaced website.
-
This attack isn’t some random one-off. Bangladesh government websites have been taking similar blows for years now, DDoS attacks, data leaks, etc.
Hackers just tagged another Bangladesh government website, leaving a political message on the front page.
The hacktivist group behind the attack calls itself Lei$. They even bragged about their stunt in a dark web post with screenshots of their work.
Details of the Attack
Apparently, the defaced website belongs to the Bangladesh government’s HR management system. Anyone who checks can still see the compromised page at the hxxps://hrm.rdcd.gov.bd/lei.html, although the officials will likely take it down soon.
The hackers posted a message that read “#PUNISH THE INJUSTICE#” in bold red characters. Based on the technical details in the screenshot, the whole thing went down just before midnight on March 8. The server is running Nginx and sits somewhere in Bangladesh.
Past Breaches Against the Bangladesh Govt. Sites
This isn’t a first for Bangladesh government sites. Government sites in Bangladesh have faced wave after wave of cyber attacks for years. In 2016, hackers hijacked .gov.bd domains to run phishing campaigns targeting Wells Fargo, Google, and AOL customers.
Also, security firm Natcraft found that one in every 100 Bangladesh government sites experiences phishing incidents, which is a surprising ratio. Then, in July 2023, hackers stole the personal information of 50 million citizens from the Office of the Registrar General, including name and ID number. Anyone could use these details to extract more personal information using public government tools.
That same month, a ransomware attack hit Bangladesh Krishi Bank’s core banking system. Biman Bangladesh Airlines also met a similar fate in March of the same year, with the hackers asking for $5 million in ransom. They later leaked 100 gigabytes of data when the government couldn’t recover it in time.
Cross-border hacking groups have spearheaded many attacks. In a single year, Indian hackers leaked 84 police login credentials, leaked data of 270,000 Bangladesh citizens from Cox’s Bazar police servers and attacked Khilna Metropolitan Police systems.
Implications of Website Defacement Attacks
Website defacement is basically when hackers break into a server and swap out the real content for their own messages. It’s kind of like digital graffiti; the intruders paste their tags right on the government site for everyone to see.
It’s an embarrassment for the government, but the damage is much worse. If hackers can change what appears on an official site, it clearly shows they’ve found security gaps that can lead to way bigger problems.
Through that same security hole the hackers used to post messages on the site, they might also steal entire databases, drop malware, or install secret backdoors that’ll let them in anytime in the future.
And for regular people? Seeing a defaced government site just kills trust. If hackers can waltz in and leave their mark, what does that say about all the personal info sitting on those servers?
The Bangladesh government’s Computer Incident Response Team (BGD eGOV CIRT) has put out warning after warning about this. They told everyone running critical infrastructure, both government, military, and financial organizations to be vigilant.
But the latest incident suggests the threats still find a way through. Take Biman Bangladesh Airlines. CIRT warned the airline about suspicious malware activity and an open backdoor two days before a ransomware attack hit. They’d even flagged similar problems back in 2022. But sometimes these warnings get ignored until reality crashes in.
How to Combat These Attacks
Following these few practical steps could help organizations and government agencies to avoid falling victim to these attacks:
- Always update your software. Many attacks happen because of vulnerabilities that already have fixes, but the user failed to apply them by updating the software. Patching software shuts those paths down fast.
- Employee training on identifying phishing is important. Users are often the weakest link in security. Most attacks start by tricking someone into clicking something in an email. Regular training helps people know how to spot suspicious messages to avoid clicking on something that’ll cause problems.
- Lock down access. Only give website editing rights to the folks who really need them. Turn on multi-factor authentication wherever you can. And never leave default passwords or open server doors; those are just invitations for trouble.
- Stay alert for weird activity. If you see files changing unexpectedly, strange traffic leaving your network, or login attempts you don’t recognize, act fast. Catching things early makes all the difference.
- Having a response plan in case things go south. Know who to call when there’s a problem and how to bring your systems back up. When every minute counts, having a plan ready saves time and money too.
The hackers behind the latest attack wanted to pass a message. But for anyone in charge of government data, the real message is hard to miss: attackers aren’t backing off, and these weaknesses won’t fix themselves.
The stakes couldn’t be higher, as demonstrated by the 240 million Pakistani records now circulating on the dark web, a breach that shows what happens when vulnerabilities aren’t addressed before criminals find them.
