Monday , July 13 2026

Bangladesh Cyber Threat Landscape- 2024
602 Vuln exploited: Afftected daily 905 IP In Bangladesh in 2024

Bangladesh Cyber Threat Landscape 2024, by BGD e-GOV CIRT, reveals a sharp escalation in cyber threats across Bangladesh. The year saw a surge in ransomware, phishing, hacktivism, and data breaches, affecting both public and private sectors. Critical vulnerabilities in outdated systems, increased use of the dark web for trading stolen data, and the emergence of new ransomware groups demonstrate the evolving sophistication of adversaries. This report outlines key findings, trends, and sectoral impacts to provide a comprehensive understanding of the nation’s cyber risk environment.

Incident Statistics:

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

In 2024, BGD e-GOV CIRT issued 188 cybersecurity reports, including alerts, advisories, and investigation findings. The most common incident types includeing, Data breaches and leaks from IT and financial service providers, Web defacements targeting universities and government institutions, Credential and system compromises through phishing and malware, Ransomware attacks, which more than doubled compared to 2023.

Source: BGD e-GOV CIRT

Exploited Vulnerabilities:

In 2024, a total of 602 software vulnerabilities were actively exploited in Bangladesh, affecting an average of 905 IP addresses per day. The most prevalent was CVE-2017-17215, a critical flaw in Huawei routers, which left 2,192 systems exposed to attackers. Alongside this, high-severity vulnerabilities such as CVE-2023-20198 in Cisco IOS XE and long-standing weaknesses in Oracle WebLogic continued to be heavily targeted. Alarmingly, several legacy flaws dating back to 2014 remain unpatched across national infrastructure, underscoring persistent gaps in patch management and vulnerability remediation.

Source: BGD e-GOV CIRT

Malware Trends:

In 2024, nearly 24,000 Bangladeshi IP addresses were identified as infected with various forms of malware. The most widespread families included Emotet, Mirai, Qakbot, Trickbot, alongside several Remote Access Trojans (RATs) such as Remcos and NetWire. The prominence of Mirai variants highlighted the growing risks posed by insecure Internet of Things (IoT) devices, which remain attractive targets for large-scale botnet operations. Meanwhile, RATs and banking Trojans were leveraged extensively for credential theft and financial fraud, posing significant risks to both individuals and organizations.

Source: BGD e-GOV CIRT

Dark Web Threats

In 2024, dark web forums emerged as a central hub for malicious activity in Bangladesh, serving as marketplaces for data sales, platforms for extortion, and channels for spreading misinformation. Several high-profile incidents underscored this trend: in May, millions of personally identifiable records were leaked from a local IT service provider; in October, root access to a critical server belonging to an energy company was openly advertised for sale; and in November, the data of over 10 million mobile financial service (MFS) users—including phone numbers and SMS transaction records—was leaked. Analysis revealed that the most frequently compromised data types included email addresses, full names, and phone numbers, followed by sensitive identifiers such as government-issued IDs and financial information. The sectors most heavily targeted were defense, education, government, and telecommunications, highlighting the broad spectrum of risks facing Bangladesh’s critical infrastructure and services.

Hacktivism and Disruption

Hacktivist activity in Bangladesh intensified throughout 2024, with a noticeable shift in focus toward the education sector. Universities and schools became prime targets for defacement attacks, often carried out by exploiting weak administrator credentials and outdated web applications. At the same time, Distributed Denial of Service (DDoS) attacks surged, peaking at an unprecedented 15.64 Tbit/sec in December, disrupting critical online services. Hacktivists also engaged in website scraping campaigns, harvesting publicly accessible data from educational and government institutions, later distributing it on dark web forums and messaging platforms. Notably, Bangladeshi hacktivist groups moved away from cross-border cyber conflicts and increasingly directed their efforts toward domestic political protests, using cyberattacks as a tool of dissent against national policies.

Source: BGD e-GOV CIRT

Ransomware Landscape:

Ransomware remained the most severe cyber threat to Bangladesh in 2024, with activity increasing by an alarming 125% compared to the previous year. While long-established groups such as LockBit and ALPHV/BlackCat continued to operate, a wave of emerging actors—notably Kill Security, Valencia, RansomHub, and Sarcoma—rose to prominence and overtook traditional players in terms of impact. Several high-profile incidents marked this trend: Kill Security leaked confidential government documents; Valencia crippled a pharmaceutical company and exposed sensitive financial and operational records; RansomHub targeted a large conglomerate, threatening to release 350GB of stolen data unless ransom demands were met; and Sarcoma compromised an insurance provider, stealing 36GB of data and employing aggressive extortion tactics. These cases reflect broader shifts in the ransomware ecosystem, characterized by the growth of Ransomware-as-a-Service (RaaS), widespread adoption of Living-off-the-Land (LoTL) techniques to evade detection, and increasingly common double-extortion strategies that combine encryption with threats of public data exposure.

Source: BGD e-GOV CIRT

Phishing and Credential Theft:

Phishing remained one of the most effective attack vectors, with government and law enforcement bodies being prime targets. Attackers spoofed .gov.bd domains and leveraged free hosting platforms like Netlify to create fake login pages. Malicious attachments (.rar, .pdf, .html, and disguised executables) were used to deliver malware payloads. Credential-stealing malware families such as Lumma, Redline, Raccoon, Stealc, Meta, and Taurus harvested login data and sold them on the dark web.

In 2024, the cyber threat landscape in Bangladesh was marked by increasingly sophisticated threat actors. The primary threats were driven by ransomware, hacktivism, phishing, and activity on the dark web. Attacks were largely enabled by social engineering, unpatched vulnerabilities, and poor cyber hygiene practices.

“SikkahBot” Malware targets “bKash” “Nagad” “MYGP” “DBBL” with banking users in Bangladesh

Check Also

FortiGate

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the …