New hacking group hunts financial firms
In September 2017 Kaspersky Lab researchers identified a new series of targeted attacks against at least 10 financial organizations in multiple regions including Russia, Armenia, and Malaysia. The hits are being performed by a new group called Silence.
While stealing funds from its victims, Silence implements specific techniques similar to the infamous threat actor, Carbanak. The attacks are still ongoing.
Silence joins the ranks of the most devastating and complex cyber-robbery operations like Metel, GCMAN and Carbanak, which have succeeded in stealing millions of dollars from financial organizations. Most of these operations embrace the following technique: they gain persistent access to internal banking networks for a long period, monitor its day-to-day activity, examine the details of each separate bank network, and then, when the time is right, they use that knowledge to steal as much money as possible.
This is exactly the case with Silence Trojan — which compromises its victim’s infrastructure via spear phishing emails.
The malicious attachments to the emails are quite sophisticated. Once the victim opens them, it takes just one click to initiate a series of downloads and finally execute the dropper.
The dropper communicates with the command and control server, sends the ID of the infected machine, and downloads and executes malicious payloads responsible for various tasks such as screen recording, data uploading, the theft of credentials, remote control, etc.
Interestingly, the criminals exploit the infrastructure of already infected financial institutions for new attacks, by sending emails from real employee addresses to a new victim, along with a request to open a bank account. Using this trick, the criminals make sure the recipient does not suspect the infection vector.