Government of Bangladesh Company CyberSecurity Posture
bangladesh.gov.bd
The Government of Bangladesh (Bengali: বাংলাদেশ সরকার Bangladesh Sôrkar GOB) is led by the Prime Minister, who selects all the remaining Ministers. The Prime Minister and the other most senior Ministers belong to the supreme decision-making committee, known as the Cabinet. The Government has three branches; the Executive branch, the Legislative branch and the Judicial branch.
Company Details
government-of-the-people-s-republic-of-bangladesh
3,050
9,655
92
bangladesh.gov.bd
0
GOV_2177281
In-progress
GB Risk Score (AI oriented)Between 700 and 749
GB Global Score (TPRM)XXXX
Description: Bitter APT Expands Cyberespionage Campaigns with Sophisticated Tools and Targets The advanced persistent threat (APT) group Bitter (also known as TA397, APT-C-08, Orange Yali, and Hazy Tiger), linked to the Indian government, has intensified its cyberespionage operations. According to a joint analysis by Proofpoint and Threatray, the group has launched spear-phishing attacks impersonating government and diplomatic entities from Bangladesh, Pakistan, China, and South Korea, aiming to deploy malicious payloads. Bitter’s recent campaigns have leveraged multiple tools, including: - KugelBlitz and BDarkRAT payloads for system compromise. - ArtraDownloader, which deploys the WSCSPL backdoor for system data exfiltration. - Almond RAT and MuuyDownloader trojans for remote access and persistence. - ORPCBackdoor, previously associated with the Mysterious Elephant threat actor another group tied to Indian APTs SideWinder and Confucius. - KiwiStealer, an information-stealing malware designed to harvest sensitive data. The findings highlight Bitter’s evolving tactics, combining social engineering with a diverse arsenal of malware to conduct targeted espionage. The group’s infrastructure and toolset suggest continued alignment with state-sponsored objectives.
No incidents recorded for Government of Bangladesh in 2026.
No incidents recorded for Government of Bangladesh in 2026.
No incidents recorded for Government of Bangladesh in 2026.
GB cyber incidents detection timeline including parent company and subsidiaries
The Government of Bangladesh (Bengali: বাংলাদেশ সরকার Bangladesh Sôrkar GOB) is led by the Prime Minister, who selects all the remaining Ministers. The Prime Minister and the other most senior Ministers belong to the supreme decision-making committee, known as the Cabinet. The Government has three branches; the Executive branch, the Legislative branch and the Judicial branch.
Official LinkedIn page for the state of Oregon. Oregon is a state in the Pacific Northwest region of the United States. It is located on the Pacific coast, with Washington to the north, California to the south, Nevada on the southeast and Idaho to the east. The Columbia and Snake rivers delineate mu
For more information about GAO, please visit www.gao.gov. General Information The U.S. Government Accountability Office (GAO) is an independent, nonpartisan agency that works for Congress. Often called the "congressional watchdog," GAO investigates how the federal government spends taxpayer dolla
MISIÓN/PROPÓSITO: La SEP tiene como propósito esencial crear condiciones que permitan asegurar el acceso de todas las mexicanas y mexicanos a una educación de calidad, en el nivel y modalidad que la requieran y en el lugar donde la demanden. VISIÓN: En el año 2025, México cuenta con un sistema
Är du beredd att tänka nytt och hitta framtidens lösningar? För vårt framtida uppdrag behöver vi medarbetare med hög kompetens, stort engagemang och som strävar efter ständig förbättring. Vid din sida kan du få engagerade kollegor inom hundratals kvalificerade yrken – ekonomer, sjuksköterskor, ju
#MeTeemmeHelsingin Helsingin kaupunki on Suomen suurin työnantaja, jonka palveluksessa on lähes 39 000 ammattilaista ja asiantuntijaa. Helsingin kaupunki tarjoaa henkilöstölle monipuolisia, mielenkiintoisia ja yhteiskunnallisesti merkittäviä työtehtäviä, hyvät mahdollisuudet kehittymiseen, ammatti
Our mission is to promote student achievement and preparation for global competitiveness by fostering educational excellence and ensuring equal access. ED is dedicated to: • Establishing policies on federal financial aid for education, and distributing as well as monitoring those funds. • Collect
Cape Town, or the Mother City, is South Africa’s oldest city, its second-most populous and the legislative capital. It is made up of a diverse population, a rich history, world-famous tourist attractions and an exciting calendar of international and local events. More than 231 councillors and 26 22
Employment with the State of Ohio is more than ‘just a job’ – it is a privilege to serve our families, friends and neighbors who rely on us throughout our great state. We are a team of dedicated public servants committed to high performance, innovative thinking, and delivering excellent and efficien
The Ministry of Health (MOH), by way of its objectives, policies and projects included in this strategy, seeks to accomplish a promising future vision; namely, delivering best-quality integrated and comprehensive healthcare services. Carrying health conditions or health status of Saudi inhabitants t
.png)
(MENAFN- AsiaNet News). Muhammad Yunus, the Chief Adviser of the Interim government of Bangladesh directed the formation of a Cyber Security...
Muhammad Yunus, Chief Adviser of Bangladesh's interim government, has directed the formation of a Cyber Security Council to ensure security...
Bangladesh Update: Interim government cautions media not to publish statements by “convicted and fugitive” Sheikh Hasina, citing national...
The government has taken a hard line against the growing prevalence of gambling, betting, and pornography-related content in the country's...
DHAKA, Sept 2, 2025 (BSS) - Bangladesh Computer Council (BCC) has invited applications from experienced and skilled ICT professionals for...
With over 20 years of expertise in the cybersecurity field, Shakil Md. Rezwanul Bari has been instrumental in fortifying digital defenses...
According to the Bangladesh Telecommunication Regulatory Commission (BTRC), we have over 132 million internet users in Bangladesh.
The government has issued a gazette of the Cyber Security Ordinance, 2025, to identify, prevent, suppress, and subsequently to try the crimes committed in...
The revised ordinance covers new offences related to artificial intelligence and leaves provision allowing arrest of individuals without a warrant intact.
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Government of Bangladesh is http://www.bangladesh.gov.bd/.
According to Rankiteo, Government of Bangladesh’s AI-generated cybersecurity score is 746, reflecting their Moderate security posture.
According to Rankiteo, Government of Bangladesh currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Government of Bangladesh has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
According to Rankiteo, Government of Bangladesh is not certified under SOC 2 Type 1.
According to Rankiteo, Government of Bangladesh does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Government of Bangladesh is not listed as GDPR compliant.
According to Rankiteo, Government of Bangladesh does not currently maintain PCI DSS compliance.
According to Rankiteo, Government of Bangladesh is not compliant with HIPAA regulations.
According to Rankiteo,Government of Bangladesh is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Government of Bangladesh operates primarily in the Government Administration industry.
Government of Bangladesh employs approximately 3,050 people worldwide.
Government of Bangladesh presently has no subsidiaries across any sectors.
Government of Bangladesh’s official LinkedIn profile has approximately 9,655 followers.
Government of Bangladesh is classified under the NAICS code 92, which corresponds to Public Administration.
No, Government of Bangladesh does not have a profile on Crunchbase.
Yes, Government of Bangladesh maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/government-of-the-people-s-republic-of-bangladesh.
As of January 21, 2026, Rankiteo reports that Government of Bangladesh has experienced 1 cybersecurity incidents.
Government of Bangladesh has an estimated 11,873 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
Title: Bitter APT Cyberespionage Campaigns
Description: More expansive cyberespionage campaigns have been launched by the advanced persistent threat operation Bitter, associated with the Indian government. The group, also known as TA397, APT-C-08, Orange Yali, and Hazy Tiger, deployed spear-phishing attacks impersonating Bangladeshi, Pakistani, Chinese, and South Korean governments and diplomatic entities, as well as malicious intrusions to deliver KugelBlitz and BDarkRAT payloads. The campaign involved multiple tools, including ArtraDownloader, WSCSPL backdoor, Almond RAT, MuuyDownloader trojans, ORPCBackdoor, and KiwiStealer information-stealing malware.
Type: Cyberespionage
Attack Vector: Spear-phishingMalicious intrusions
Threat Actor: Bitter (TA397, APT-C-08, Orange Yali, Hazy Tiger)
Motivation: Cyberespionage
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Data Compromised: System data, sensitive information
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are System Data, Sensitive Information and .
Entity Name: Bangladeshi government entities
Entity Type: Government
Industry: Government/Diplomacy
Location: Bangladesh
Entity Name: Pakistani government entities
Entity Type: Government
Industry: Government/Diplomacy
Location: Pakistan
Entity Name: Chinese government entities
Entity Type: Government
Industry: Government/Diplomacy
Location: China
Entity Name: South Korean government entities
Entity Type: Government
Industry: Government/Diplomacy
Location: South Korea
Type of Data Compromised: System data, Sensitive information
Sensitivity of Data: High
Source: The Hacker News
Source: Proofpoint and Threatray joint analysis
Source: Knownsec 404 Team
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: The Hacker News, and Source: Proofpoint and Threatray joint analysis, and Source: Knownsec 404 Team.
Last Attacking Group: The attacking group in the last incident were an Bitter (TA397, APT-C-08, Orange Yali and Hazy Tiger).
Most Significant Data Compromised: The most significant data compromised in an incident were System data and sensitive information.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were System data and sensitive information.
Most Recent Source: The most recent source of information about an incident are The Hacker News, Knownsec 404 Team and Proofpoint and Threatray joint analysis.
.png)
SummaryA command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler. Root causeThe commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g., execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution. ImpactThis vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the --commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to: * Run any shell command. * Exfiltrate environment variables. * Compromise the CI runner to install backdoors or modify build artifacts. Credits Disclosed responsibly by kny4hacker. Mitigation * Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher. * Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher. * Users on Wrangler v2 (EOL) should upgrade to a supported major version.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid