Published on 06:45 AM, July 11, 2023

Notorious BlackCat hackers steal over 170GB of sensitive data from Krishi Bank

The compromised information includes highly sensitive financial records such as account details, statements, and tax information.

Notorious ransomware group ALPHV, also known as BlackCat, has claimed responsibility for a targeted attack on Bangladesh Krishi Bank. According to a post by ALPHV on July 7, 2023, the hackers successfully breached the bank's security, gaining access to sensitive data and paralysing its operations.

ALPHV, also referred to as ALPHV-ng, BlackCat, and Noberus, is a ransomware-as-a-service (RaaS) group that emerged in November 2021. This notorious threat actor employs the triple-extortion technique to target organisations globally, spanning various sectors.

According to the ALPHV post, on June 21, 2023, ALPHV infiltrated Bangladesh Krishi Bank's network, extracting over 170GB of crucial information. Their presence went undetected for 12 days, allowing them ample time to study internal documentation and steal valuable data with impunity.

The compromised information includes highly sensitive financial records such as account details, statements, and tax information. The hackers also acquired employee data, including emails, passport copies, labour papers, and employment contracts, potentially exposing the personal information of the bank's staff. The threat group also obtained the bank's SQL backup on June 19th, 2023.

"We are here to inform you about data breach which took place at the "Bangladesh Krishi Bank" network on June 21th 2023. As a result of this breach our team had downloaded over 170Gb of sensitive data from this network. Also we have encrypted all servers and data stored there. We have infiltrated Krishi Bank network and stayed there for 12 days, it was enough to study their documentation and download everything was needed," said the ALPHV post.

According to the post made by ALPHV, the bank did not respond to the attack and did not engage in any discussions regarding data recovery. This decision prompted ALPHV to issue a warning, urging all investors who entrusted their funds to Bangladesh Krishi Bank to withdraw their investments within seven days. The warning message was dispatched to contacts and emails procured from the stolen data.

With a deadline of 72 hours starting from July 8th, 2023, ALPHV expected the bank's top management to initiate contact to address the situation. The hacker group also disclosed that they implanted potent backdoor tools deep within the bank's network infrastructure. This ensures persistent access for the hackers, enabling them to return at will to execute their threats.

ALPHV also openly criticised the bank's IT management, asserting their lack of qualifications and skills in adequately protecting valuable data.

"IT-management of this bank does not have enough qualification and skills to protect their data," the post by ALPHV further said.

Earlier on June 27, it was reported that a security leak from the website of the Office of the Registrar General, Birth & Death Registration had left more than 5 crore citizens' personal information exposed on the internet. The government's Computer Incident Response Team (BGD e-GOV CIRT) confirmed the data breach.