A malware campaign targeting Bangladeshi critical service websites has been uncovered recently. Cyber Threat Research team of Bangladesh Government's e-Government Computer Incident Response Team (BGD e-GOV CIRT) recently observed and identified these ongoing development of attacks and malware campaign by the well-known threat actor 'KASABLANKA' specifically targeted to Bangladeshi infrastructure. The specific campaign utilised type of Remote Access Trojan (RAT). Some of the targeted services/institutions and their spoofed domains are Bangladesh Police (bdpolice.co), Islami Bank (isiamibankbd.com), Govt. Corona Portal (corona-bd.com), bKash (bkashagent.com and bkash.club), Brac Bank (bracbank.info) etc.
Remote Access Trojans (RAT) are a unique type of malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested programme.
The motive behind these hacking attempts is not purely financial, according to Cisco Talos Intelligence Group, one of the largest commercial threat intelligence gatherers in the world. In an advisory issued by Warren Mercer, Chris Neal and Vitor Ventura, threat researchers at Cisco Talos, opined that threat actor's motives behind this campaign are merely to spread their botnets within Bangladesh and possibly to tweak for espionage rather than purely from breaching accounts for financial gains. Researchers at Cisco Talos also added that this is a "serious threat" and can result in "significant data breach or heavy financial loss".
One of such malicious websites is corona-bd.com. Through this website, attackers are trying to allure the people interested in vaccination. This phoney website (corona-bd.com/apply) is very much similar to the government's official website associated with COVID-19 vaccine program (corona.gov.bd).
When contacted, Tarique M Barkatullah, Project Director of BGD e-GOV CIRT confirmed. "The threat still persists. We are well aware of it and advised Bangladesh Bank, BTRC and all other relevant bodies to take appropriate measures", he said. He also added that as malware is spreading in Bangladeshi network, so local entities need to be cautious about it.
mj/
