Situational Alert for CII, Energy Sectors, Banks

Published on 25-Jul-2025 11:00:00

We would like to inform you that, based on current threat intelligence, there is a potential risk of a large-scale cyberattack targeting Bangladesh’s ICT infrastructure in the coming days. Likely targets include Critical Information Infrastructures (CII) and high-impact sectors such as banking, power, and public services. Recent attack patterns indicate a focus on web application exploitation, website defacement, compromised credentials, and Distributed Denial-of-Service (DDoS) attacks, among others.

In light of this, we strongly advise all organizations to enhance 24/7 monitoring of their IT infrastructure, ensure proper logging, and maintain a heightened security posture to detect and respond to any suspicious activities promptly.

Recommended Defensive Actions:

  1. Implement multi-factor authentication (MFA) for all critical systems.
  2. Immediately review and restrict remote access, VPNs, and privileged accounts.
  3. Urgently apply the latest security patches to internet-facing services, servers, and firewalls.
  4. Review and patch vulnerabilities in web applications and exposed services.
  5. Disable unused ports and services; enforce least-privilege access.
  6. Use SIEM/NIDS effectively to detect abnormal behavior (e.g., lateral movement, DDoS, data exfiltration).
  7. Monitor for suspicious logins, unauthorized file changes, and external connections.
  8. Use EDR or AV with updated threat signatures to detect threats.
  9. Ensure critical data backups are regular, encrypted, and stored offline.
  10. Review and update cyber incident response plans.
  11. Report any IOCs or suspicious activity to BGD e-GOV CIRT/NCSA at cti@cirt.gov.bd or notify@ncsa.gov.bd.