CloudSEK has released a new advisory addressing a threat actor group called Team Mysterious Bangladesh that has claimed to have compromised the Indian Central Board of Higher Education. The hackers allegedly stolen personally identifiable information such as names, Aadhaar numbers, Indian financial System code, and more information. The group claimed to have gained access to information pertaining to individuals who were students between the years of 2004 and 2022. Additionally, the group claims to have shared a snapshot of the data to prove its legitimacy.
CloudSEK confirmed that access to the admin panel of the Central Board of Higher Education would allow an individual or attacker to see the results of all students between that time period, as well as alter the data by adding or deleting records. Furthermore, the security firm stated that the leaked information could be used to gain initial access to the firm’s infrastructure and weak passwords could have resulted in brute-force attacks. The data could also enable malicious actors to perform sophisticated attacks against the platform or phishing attacks against the victims.
Read More: ‘Team Mysterious Bangladesh’ Hackers Target Indian Education Entity