A targeted phishing campaign was identified originating from the compromised government/law enforcement email accounts. The attacker leveraged legitimate credentials to gain unauthorized access and send fraudulent emails to a wide range of recipients, primarily within government organizations and law enforcement agencies. This campaign reflects a well-coordinated credential-based phishing operation, targeting critical sectors to exploit trust within intra-government communications. The phishing emails typically include: Embedded phishing...
Read More
We would like to inform you that, based on current threat intelligence, there is a potential risk of a large-scale cyberattack targeting Bangladesh’s ICT infrastructure in the coming days. Likely targets include Critical Information Infrastructures (CII) and high-impact sectors such as banking, power, and public services. Recent attack patterns indicate a focus on web application exploitation, website defacement, compromised credentials, and Distributed Denial-of-Service (DDoS) attacks,...
Read More
BGD e-GOV CIRT, BCC remains committed to proactively securing the nation’s cyberspace. As the extended Eid holidays approach, we anticipate an increased risk of cyberattacks, as malicious actors often exploit periods of reduced monitoring and operational oversight. Our Cyber Threat Intelligence Unit has already identified widespread malware activity, including strains such as Android.vo1d and Avalanche-Andromeda, which have compromised thousands of IP addresses nationwide. In addition...
Read More
The Bangladesh Government’s Computer Incident Response Team (BGD e-GOV CIRT), BCC is working to protect the nation’s cyberspace by proactively managing computer security incidents and related threats. As the long Eid holidays approach, cybercriminals may attempt to exploit security gaps due to reduced monitoring and response capabilities. The CTI unit of BGD e-GOV CIRT has recently detected multiple web-based attack attempts, particularly targeting non-office hours...
Read More
Annual Procurement Plan for the Fiscal Year 2024-25 (Revised) has been published. Click Here to Download the Document
As part of BGD e-GOV CIRT continuous efforts to monitor emerging threats and vulnerabilities that could compromise national security, our Cyber Threat Intelligence Unit has identified 600 vulnerable PRTG instances in Bangladesh affected by CVE-2018-19410—a critical-severity vulnerability. This Local File Inclusion (LFI) and Authentication Bypass flaw is actively exploited by cybercriminals and is listed in CISA’s Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability, affecting PRTG...
Read More
TLP: CLEAR Distribution: Public Type of Threat: Phishing E-Mail Date: 12 January 2025 Executive Summary Recently, we have observed a surge in phishing attacks targeting various government organizations, law enforcement agencies, educational institutions, and others, with the attacks spreading further through compromised accounts. This campaign is targeted to steal sensitive information by impersonating official entities and leveraging malicious attachments and links. This advisory provides details...
Read More
TLP: CLEAR Distribution: Public Type of Threat: RCE Vulnerability (CVE-2023-46747) Date: 06 November 2024 Executive Summary The Cyber Threat Intelligence Unit of the Bangladesh e-GOV Computer Incident Response Team (BGD e-GOV CIRT) has uncovered active evidence of compromise associated with a critical vulnerability in F5 BIG-IP systems, widely used across Bangladesh’s IT infrastructure. The investigation revealed that attackers managed to gain shell access on...
Read More
The Cyber Threat Intelligence (CTI) Unit at BGD e-GOV CIRT has recently identified a stealer malware campaign linked to the notorious Lumma Stealer malware family. Further investigation has revealed that multiple variants of stealer malware are being distributed using similar tactics. This report details how our threat intelligence researchers detected and analyzed this evolving malware campaign. Our CTI Unit has been actively monitoring stealer malware...
Read More
