History
2022: Indian students' 18-year data breach over hacker attack
On December 5, 2022, it became known that cybercriminal the Team Mysterious Bangladesh group announced the hacking of the computer system of the Central Council of the Supreme (formations India CBHE). In the hands of intruders could be about data students for an 18-year period throughout the country.
According to Team Mysterious Bangladesh members, personal information about students for 2004-2022 has been compromised. In confirmation, screenshots are presented: cybercriminals received unauthorized access to student names, codes of the Indian financial system (IFSC codes), as well as other information. Among other things, the unique AADHAAR personal numbers assigned by the identification system of citizens and residents of India were stolen (identity determination is carried out on the basis of personal data, fingerprints and photographs of the iris).
Attackers were able to use the administrator panel of the CBHE Delhi system, which makes it possible to view students' personal data and make changes to records. In addition, a "deface" of the service was made: cybercriminals introduced their names.
Information security experts warn that stolen information can be used by scammers for a variety of purposes. Among them are named: gaining initial access to computer infrastructure; conducting "brute force" attacks in case of unreliable passwords; Exfiltration of data distribution of sophisticated ransomware; maintaining a permanent presence in the system. The Team Mysterious Bangladesh group is known for using several scenarios for distributed denial-of-service (DDoS) attacks and an HTTP flood method similar to DragonForce. According to reports, the hacker group also organized attacks on IT systems in Iran.[1]