Security


In such cases, the concerned or responsible system owners need to be requested to take the necessary awareness measures to avoid the above incidents or threats, which can ensure uninterrupted service of Teletalk. All are also requested to undertake the initiatives listed below (but not limited to these):

1. Shut down unnecessary servers or systems (servers or systems that are not currently running any services).

2. Disable or stop unnecessary services or ports at the server end.

3. Apply the server's built-in firewall rules to allow or block IPs/services/ports (where applicable) for system hardening.

4. Use a complex password or passphrase for accessing the servers/systems.

5. Use a custom SSH port instead of the default SSH port (22) for accessing the servers.

6. Use updated versions of web services.

7. Take necessary backups (configuration files, logs, databases, etc.).
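As an added example (not part of the advisory or any Teletalk tooling), the following Python script audits a host against steps 2, 3 and 5 above. It parses a constructed `ss -tlnp` listing and a constructed sshd_config fragment instead of running commands, and the allow-list of ports that are meant to be reachable externally is an assumption for the demo.

```python
"""Added example (not from the advisory): audit a host against steps 2, 3 and 5 above
using constructed text inputs instead of live command output, so it runs offline."""
import re

SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=810,fd=3))
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*         users:(("nginx",pid=912,fd=6))
LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*         users:(("mysqld",pid=1001,fd=20))
LISTEN 0      128    127.0.0.1:6379     0.0.0.0:*         users:(("redis-server",pid=1100,fd=7))
"""  # constructed `ss -tlnp` listing, not from a real host
SSHD_CONFIG = "# Port 2222\nPort 22\nPasswordAuthentication yes\n"  # constructed fragment
ALLOWED_PORTS = {443, 2222}  # assumption: the only ports meant to be reachable externally

def parse_listeners(ss_text):
    """Return (bind address, port, process name) for every LISTEN row of `ss -tlnp`."""
    rows = []
    for line in ss_text.splitlines():
        cols = line.split()
        if not cols or cols[0] != "LISTEN":
            continue
        addr, port = cols[3].rsplit(":", 1)
        proc = re.search(r'"([^"]+)"', line)
        rows.append((addr, int(port), proc.group(1) if proc else "?"))
    return rows

def exposed_unexpected(listeners, allowed=ALLOWED_PORTS):
    """Steps 2/3: listeners bound to all interfaces that are not on the allow-list."""
    return [(p, proc) for addr, p, proc in listeners
            if addr in {"0.0.0.0", "*", "[::]"} and p not in allowed]

def ssh_port(config_text):
    """Step 5: effective sshd port; sshd honours the first uncommented Port
    directive and defaults to 22 when none is set."""
    for line in config_text.splitlines():
        m = re.match(r"\s*Port\s+(\d+)\s*$", line)
        if m:
            return int(m.group(1))
    return 22

def findings(ss_text=SS_OUTPUT, sshd_text=SSHD_CONFIG):
    """Deviations from the checklist as human-readable strings."""
    issues = [f"port {p} ({proc}) listens on all interfaces but is not allow-listed"
              for p, proc in exposed_unexpected(parse_listeners(ss_text))]
    if ssh_port(sshd_text) == 22:
        issues.append("sshd still uses the default port 22")
    return issues

if __name__ == "__main__":
    for issue in findings():
        print("FINDING:", issue)
```

On a real host, feed it the output of `ss -tlnp` and the contents of /etc/ssh/sshd_config; the loopback-only redis listener in the sample is deliberately not reported.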


Groups’ background and their operations

These groups claim to be hacktivist groups and have been targeting organizations from Pakistan and Bangladesh. In our recent research, we identified several groups with the same motivation. They have been incessantly conducting frequent cyber-attacks against organizations in Bangladesh, affecting their operations and businesses.

The groups’ primary attack tactics include:

• Distributed Denial-of-Service (DDoS) attacks

• Website defacements, compromising the website

• Using malicious PHP shells as a backdoor to drop payloads

Top targeted organization types:

• Gov’t & Military

• Law Enforcement Agencies

• Banking and NBFI

• Pharmaceuticals

• Retail and Industrial Organizations

• Energy and Education sectors

All organizations in Bangladesh are requested to take the following measures to ensure their infrastructures’
security:

• Ensure strict network and user activity monitoring 24/7, especially during non-office hours, and watch out for
any indication of data exfiltration.

• Implement load balancer solutions to ensure that no single server is overwhelmed during an attack.

• Deploy a Web Application Firewall to analyze incoming HTTP/HTTPS traffic and filter out malicious requests and traffic patterns commonly associated with DDoS attacks.

• Ensure vital services such as DNS, NTP as well as network middleboxes are securely configured and are not
exposed on the internet.

• Validate and sanitize all user input to prevent malicious code injection (e.g., SQL injection, Cross-Site
Scripting) that could lead to web defacement.

• Perform regular backups of your website's content and database. In the event of defacement, having up-to-date backups enables you to restore your website quickly.

• Enforce HTTPS on your website with SSL/TLS encryption. This helps protect data during transmission and
prevents attackers from tampering with website content in transit.

• Keep all web server software, content management systems (CMS), plugins, and other software components
up-to-date with the latest security patches.

• Configure and harden web applications as per the OWASP guidelines.

• Report or inform BGD e-GOV CIRT regarding the detection of IOCs and/or any suspicious activities you observe within your environment, to work in collaboration, through https://www.cirt.gov.bd/incident-reporting/ or cti@cirt.gov.bd.

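The monitoring and defacement-related measures above, as an added example that is not part of the advisory: a Python script that runs over constructed access-log lines and flags per-source request bursts (a DDoS indicator) and successful POSTs to PHP files under upload directories (a common web-shell indicator). The upload-path list, the 10-second window and the threshold of 50 requests are assumptions chosen for the demo.

```python
"""Added example (not from the advisory): apply the monitoring measures above to
web-server access logs, flagging request bursts and POSTs to PHP under upload paths."""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (?:\d+|-)')
UPLOAD_DIRS = ("/uploads/", "/wp-content/uploads/", "/files/")  # assumption: writable paths

def parse(line):
    """Combined-log-format line -> dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return {"ip": ip, "ts": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            "method": method, "path": path, "status": int(status)}

def burst_sources(entries, window_s=10, threshold=50):
    """IPs issuing more than `threshold` requests inside any `window_s`-second span."""
    by_ip = defaultdict(list)
    for e in entries:
        by_ip[e["ip"]].append(e["ts"])
    flagged = set()
    for ip, times in by_ip.items():
        times.sort()
        start = 0  # sliding window over the sorted timestamps
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 > threshold:
                flagged.add(ip)
                break
    return flagged

def webshell_indicators(entries):
    """Successful POSTs to .php under upload paths, where PHP should never execute."""
    return [(e["ip"], e["path"]) for e in entries
            if e["method"] == "POST" and e["status"] == 200
            and e["path"].split("?")[0].lower().endswith(".php")
            and any(d in e["path"] for d in UPLOAD_DIRS)]

# Constructed sample (documentation address ranges): 60 hits in six seconds from one
# source, one POST to a PHP file in /uploads/, and ordinary traffic.
SAMPLE = [f'203.0.113.7 - - [10/Oct/2023:02:15:{i // 10:02d} +0600] "GET / HTTP/1.1" 200 512'
          for i in range(60)]
SAMPLE += ['198.51.100.9 - - [10/Oct/2023:02:16:30 +0600] "POST /uploads/img.php HTTP/1.1" 200 88',
           '192.0.2.44 - - [10/Oct/2023:02:17:00 +0600] "GET /index.html HTTP/1.1" 200 1024']

def analyse(lines=SAMPLE):
    entries = [e for e in map(parse, lines) if e]
    return {"burst": sorted(burst_sources(entries)), "webshell": webshell_indicators(entries)}
```

Call `analyse(open("access.log").read().splitlines())` to run it over a real log; a burst hit means one source exceeded the threshold, and a webshell hit means a PHP file was executed from a path that should only hold static uploads.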
1. Verify the Alert: Ensure that the alert is legitimate and not a hoax or false information. Check
the source of the alert and verify its authenticity.
2. Gather Information: Gather as much information as possible about the nature of the cyber
threat. Understand the potential risks, targets, and methods used by the threat actors.
3. Assess Vulnerabilities: Evaluate your organization's systems, networks, and assets to
determine if they are potentially vulnerable to the identified threat. Consider conducting a
cybersecurity assessment or vulnerability scan.
4. Implement Mitigation Measures: Based on the information gathered, take immediate steps
to mitigate the threat. This could involve updating software, applying security patches,
changing passwords, or implementing additional security controls.
5. Notify Relevant Parties: Inform appropriate stakeholders within your organization, such as IT
teams, security personnel, and management, about the threat and the actions being taken to
address it.
6. Coordinate with Authorities: If the threat is significant and involves criminal activity,
consider involving law enforcement or relevant cybersecurity authorities.
7. Communicate Externally: If necessary, communicate with customers, partners, and other
external parties to inform them about the situation and any precautions they should take.
8. Monitor and Analyze: Continuously monitor the situation to track any developments or
changes in the threat landscape. Analyze any new information that becomes available.
9. Learn and Improve: After the situation has been resolved, conduct a post-incident review to
identify lessons learned and areas for improvement in your organization's cyber threat
response.
10. Stay Informed: Keep up-to-date with the latest cybersecurity trends, best practices, and
emerging threats to enhance your organization's readiness to handle future incidents.

Remember that specific actions will depend on the details of the threat and the context of
your organization. It's important to involve cybersecurity professionals and experts in the
decision-making process to ensure an effective response.
