BlackCat Hackers Expose Massive Krishi Bank Breach, Loot Over 170GB of Highly Sensitive Data in Daring Cyberattack

ALPHV, a notorious ransomware group also known as BlackCat, has taken credit for a targeted attack on Bangladesh Krishi Bank. In a post dated July 7, 2023, ALPHV claimed to have successfully breached the bank's security, gaining unauthorized access to sensitive data and effectively disabling its operations.

ALPHV, also referred to as ALPHV-ng, BlackCat, and Noberus, operates as a ransomware-as-a-service (RaaS) group that emerged in November 2021. This highly infamous threat actor utilizes the triple-extortion technique to target organizations across various sectors worldwide.

The recent ALPHV post revealed that on June 21, 2023, the group managed to infiltrate Bangladesh Krishi Bank's network, extracting a staggering amount of over 170 GB of critical information. Their presence went undetected for a period of 12 days, granting them ample time to meticulously examine internal documents and brazenly pilfer valuable data.

Among the compromised information are extremely sensitive financial records such as account details, statements, and tax information. Additionally, the hackers obtained employee data, including emails, passport copies, labor papers, and employment contracts, thereby potentially exposing the personal information of the bank's staff. The threat group also managed to acquire the bank's SQL backup on June 19th, 2023.

"We are here to inform you about the data breach which took place at the 'Bangladesh Krishi Bank' network on June 21st, 2023. As a result of this breach, our team downloaded over 170 GB of sensitive data from this network. Also, we have encrypted all servers and data stored there. We have infiltrated the Krishi Bank network and stayed there for 12 days, it was enough to study their documentation and download everything that was needed," stated the ALPHV post.

According to the ALPHV announcement, the bank did not respond to the attack nor engage in any discussions regarding data recovery. This lack of action prompted ALPHV to issue a warning, urging all investors who have entrusted their funds to Bangladesh Krishi Bank to withdraw their investments within seven days. This warning message was distributed to contacts and emails obtained from the stolen data.

With a 72-hour deadline commencing on July 8th, 2023, ALPHV expected the bank's top management to establish contact in order to address the situation. The hacker group also disclosed that they had implanted powerful backdoor tools deep within the bank's network infrastructure. This guarantees persistent access for the hackers, enabling them to return at their convenience to carry out further threats.

ALPHV further openly criticized the bank's IT management, asserting their lack of qualifications and skills in effectively safeguarding valuable data.

"The IT management of this bank does not possess the sufficient qualifications and skills to protect their data," the ALPHV post added.

Earlier on June 27, it was reported that a security breach on the website of the Office of the Registrar General, Birth & Death Registration had exposed the personal information of over 5 crore citizens on the internet. The government's Computer Incident Response Team (BGD e-GOV CIRT) has confirmed this data breach. 
