Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Qatar National Bank Hackers Threaten Data Leak From Second Bank

“Bozkurt Hackers” Behind Qatar National Bank Breach Could Leak Data From Second Bank

“Bozkurt Hackers” Behind Qatar National Bank Breach Could Leak Data From Second Bank

The Qatar National Bank (QNB) may not be the only bank hacked by the Turkish far-right group known as Bozkurt Hackers, according to Kaspersky Lab. The Moscow-based security firm says that it is tracking suggestions that the group will imminently release details of a second bank hack.

Details are sparse, and at the time of writing the bank is not named. Amin Hasbini, Senior Information Security Researcher at Kaspersky Lab, told SecurityWeek that his firm is monitoring developments. “At Kaspersky Lab we are monitoring various sources for data that could be related to the leaks. We have access to the data that is already public and currently there are no indications of the bank other than what the attackers mentioned.”

These details suggest that the Bozkurt Hackers have access to a database or databases that includes bank customer data going back to 2001.

In April, the hackers published data stolen from QNB. Security researcher Omar Benbouazza notes, “The bank had a big mistake, running known vulnerable software, such as Servlet 2.4, JSP and Tomcat 4.2.3. According to the logs shared by the attacker, the breach was done by one of the most common attacks, a SQL injection to the backend ORACLE database server, using the sqlmap tool.”

This server contained 11 databases; but not all of them have been leaked by the Bozkurt group. There is no current indication that suggestions of a second bank hack could be based on the unleaked databases of the first.

Bozkurt is thought to have political motivations. Indeed, a Sunday statement by QNB said it believed the attack was against itself rather than its customers: “We believe the nature of this incident is fundamentally an attempted attack on QNB Group’s reputation and not specifically targeted at our customers.”

Nevertheless, it is possible that the slow emergence of data from the alleged second bank could be a prelude to an attempted financial (or possibly political) extortion. “Data for the second bank, expected to be released soon as per the attackers,” Hasbini told SecurityWeek, “could be used for ransom instead of being released. The attackers could use the QNB attack (already public) as proof of their capabilities.”

Advertisement. Scroll to continue reading.

Correction: Aritcle peviously incorrectly cited the hacking group as Bozkurtlar rather than Bozkurt Hackers

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Robert Shaker II has joined application security firm ActiveState as Chief Product and Technology Officer.

MorganFranklin Cyber has promoted Nick Stallone and Ferdinand Hamada into newly created roles.

Jessica Newman has joined Sophos as General Manager of Global Cyber Insurance.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.