More banks are under cyber attack, with five South Asian banks suffering a data breach. Turkish hacking group Bozkurtlar (translated to “Grey Wolves”) has taken credit for the attack, following its recent attacks on the Qatar National Bank and UAE’s InvestBank.

The new victims, according to Data Breach Today, are located in Bangladesh and Nepal. From Bangladesh, there’s the Dutch Bangla Bank, The City Bank, and Trust Bank. From Nepal, the hackers targeted Business Universal Development Bank and Sanima Bank.

What was taken

The stolen files contain less overall data than the ones from the Qatar National Bank or InvestBank attacks, ranging between 251 megabytes and a mere 95 kilobytes. However, all of them contain at least some customer information or account credentials. Additionally, the data does appear to be old, with the most recent data being from August 2015.

Bozkurtlar has posted links to the files on its Twitter account, so countless cyber criminals could have accessed them by this point. Within the data, one can find records of banking transactions, usernames and passwords, user ID, email, birth dates, ages of parents, mailing addresses and contact numbers – all information that can be used for identity theft. Fortunately, no credit card numbers were stolen.

Analysis indicates that the hack was probably made possible through a webshell upload – a piece of code uploaded to the server that gives attackers administrative privileges to control the system.

Something new or a rerun?

InvestBank states that the data was probably obtained in a breach back in December 2015, so it may not be a more recent hack. In fact, the bank insists that there was no breach in recent times, and security was increased following the 2015 breach to avoid a repeat attack.

Meanwhile, the Qatar National Bank is still recovering from its earlier attack from the same group, but insists that its systems are secure and the incident will not impact its customers financially. The bank claims that some of the information was pulled from unaffiliated sources, such as social media, and that the incident is more an attempted attack on its reputation than its customers.

Photo by foilman