CEA
All cases

Bangladesh e-Government Portal Intrusions

2021 – 2022

EspionagePeak: DisruptionAttribution: Low ConfidenceGovernmentTechnology
Year
2021
Actor country
Unknown
Target regions
Bangladesh
Unpeace score
6

Executive Summary

Series of intrusions targeting Bangladeshi government digital service portals, exposing citizen data including national identity information and disrupting administrative functions. The incidents highlighted the vulnerability of rapidly digitized government services in developing states where cybersecurity investment has not kept pace with digital transformation.

Why This Matters

The Bangladesh e-government intrusions exemplify a pattern common across rapidly digitizing developing states: the gap between e-government ambition and cybersecurity capability creates systemic risk to citizen data and public trust in digital services.

Escalation Profile

7-Dimension Profile

Escalation Ladder

Probing
Intrusion
Disruption
Degradation
Destruction
Strategic

Phases

2021-07
Intrusion

Government portal compromise

Attackers gained access to multiple e-government service portals including citizen registration and administrative systems.

2021-12
Disruption

Data exposure and service disruption

Citizen data exposed through compromised portals; some administrative services taken offline during incident response.

Threshold Crossings

  • Compromise of national citizen identity data in a rapidly digitizing state
  • Exposed the security gap between e-government ambition and cybersecurity capability

Restraint Factors

  • No destructive payloads deployed
  • Scope appeared opportunistic rather than strategically targeted

Attribution Assessment

Low ConfidenceUnknown; investigations did not produce public attribution. Some researchers noted similarities with regional threat groups but evidence remained inconclusive
Unknown
1. Technical

Threat actor mapped to Unknown based on infrastructure analysis, malware attribution, and operational patterns.

2. Political / Legal
No formal state response
  • Bangladesh CERT issued advisories on government portal security
  • Government initiated security audits of digital service platforms

Sources: Bangladesh CERT: Advisory on Government Portal Security

3. Open Source
  • TechCrunch: Bangladesh government websites leak citizen data(2023-07)

Low Confidence” reflects available public evidence. All assessments carry inherent uncertainty and should be read alongside source material.

Unpeace Position

6

Unpeace Score

Composite severity rating on the peace–conflict spectrum

Stable
Contested
Escalatory
03060100

Contributing Dimensions

Escalation peak3/6
Threshold crossings2/4
Governance flags1/8
Sectors affected2/6
Entanglement4/10
Country scope1/6

Coercive Function

Espionage

Intelligence collection — coercive value lies in the information advantage gained and the implicit signal that the adversary can access sensitive systems.

Observed coercive effects

  • Compromise of national citizen identity data in a rapidly digitizing state
  • Exposed the security gap between e-government ambition and cybersecurity capability

Entanglement Risk

Entanglement score4

Sectors affected

GovernmentTechnology

Countries / regions

Bangladesh

Impact summary

Citizen data from government portals exposed; administrative services temporarily disrupted.

Infrastructure Meaning

Capability profile

Citizen data from government portals exposed; administrative services temporarily disrupted.

2 ATT&CK techniques mapped — see ATT&CK mapping below.

Governance Analysis

Governance Flags

!Norm Violation
APublic Attribution
SSanctions Imposed
IIndictment
UUN Discussion
RRegulatory Change
CInternational Cooperation
DDeterrence Signal

Norms invoked

  • State duty to protect citizen data in digitized government services
  • Responsible development of e-government platforms

Policy responses

  • Bangladesh CERT issued advisories on government portal security
  • Government initiated security audits of digital service platforms

Regulatory changes

  • Bangladesh Digital Security Act enforcement strengthened
  • National cybersecurity awareness programs expanded

Governance impact assessment

Demonstrated the security debt accumulated during rapid e-government digitization in developing states, reinforcing the need for cybersecurity capacity-building in digital development assistance frameworks.

Sources

G

Bangladesh CERT: Advisory on Government Portal Security

Government2021-08
J

TechCrunch: Bangladesh government websites leak citizen data

Journalistic2023-07

Sources listed reflect publicly available materials used to construct this case entry. Inclusion does not imply endorsement. Where no URL is provided, the source may be found via its title and date.

Related Cases

SolarWinds

March 2020 – December 2020 · Russia

8

SolarWinds exposed systemic supply chain risk in government IT and triggered the most sweeping US cybersecurity executive order in a decade, reshaping federal procurement and zero-trust policy.

EspionageDisruption

Storm-0558

May – July 2023 · China

7

Storm-0558 revealed that a single compromised signing key could bypass the security boundaries of the cloud infrastructure underlying most government communications, making cloud identity trust a first-order national security concern.

EspionageDisruption

Exchange/Hafnium

January – March 2021 · China

9

Hafnium demonstrated how a targeted espionage operation can metastasize into a mass-compromise event affecting tens of thousands, and prompted the widest coalition cyber attribution ever directed at China.

EspionageDegradation

Oldsmar Water

February 2021 · Unknown

6

Oldsmar made water-system cyber risk tangible for policymakers and the public, revealing how small utilities with minimal security budgets can become targets with public-health consequences.

SabotageDisruption