The recent ALPHV post revealed that on June 21, 2023, the group managed to infiltrate Bangladesh Krishi Bank's network, extracting a staggering amount of over 170 GB of critical information. Their presence went undetected for a period of 12 days, granting them ample time to meticulously examine internal documents and brazenly pilfer valuable data.
Among the compromised information are extremely sensitive financial records such as account details, statements, and tax information. Additionally, the hackers obtained employee data, including emails, passport copies, labor papers, and employment contracts, thereby potentially exposing the personal information of the bank's staff. The threat group also managed to acquire the bank's SQL backup on June 19th, 2023.
"We are here to inform you about the data breach which took place at the 'Bangladesh Krishi Bank' network on June 21st, 2023. As a result of this breach, our team downloaded over 170 GB of sensitive data from this network. Also, we have encrypted all servers and data stored there. We have infiltrated the Krishi Bank network and stayed there for 12 days, it was enough to study their documentation and download everything that was needed," stated the ALPHV post.
According to the ALPHV announcement, the bank did not respond to the attack nor engage in any discussions regarding data recovery. This lack of action prompted ALPHV to issue a warning, urging all investors who have entrusted their funds to Bangladesh Krishi Bank to withdraw their investments within seven days. This warning message was distributed to contacts and emails obtained from the stolen data.
With a 72-hour deadline commencing on July 8th, 2023, ALPHV expected the bank's top management to establish a contact in order to address the situation. The hacker group also disclosed that they had implanted powerful backdoor tools deep within the bank's network infrastructure. This guarantees persistent access for the hackers, enabling them to return at their convenience to carry out further threats.
ALPHV further openly criticized the bank's IT management, asserting their lack of qualifications and skills in effectively safeguarding valuable data.
"The IT management of this bank does not possess the sufficient qualifications and skills to protect their data," the ALPHV post added.
Earlier on June 27, it was reported that a security breach on the website of the Office of the Registrar General, Birth & Death Registration had exposed the personal information of over 5 crore citizens on the internet. The government's Computer Incident Response Team (BGD e-GOV CIRT) has confirmed this data breach.
0 Comments