Russian hacking group is now using evolved tactics to target banks worldwide

It was just revealed that Silence APT, a Russian-speaking cybercriminal group known for targeting financial organizations primarily in former Soviet states and neighboring countries, is now targeting banks in more than 30 countries across America, Europe, Africa, and Asia.

For now, cybersecurity researchers have not shared the names of the banks targeted by Silence APT. But it is known that banks from India, Russia, Kyrgyzstan, Chile, Ghana, Costa Rica, and Bulgaria were hit.

This dangerous group has been active since at least September 2016; its most recent successful campaign was against Bangladesh-based Dutch-Bangla Bank, which lost over $3 million.

The Silence APT group has significantly expanded its operations by increasing the frequency of its attack campaigns. The group has updated its unique tactics, techniques, and procedures. It has also changed its encryption alphabets, string encryption, and commands for the bot and the main module to evade detection by security tools.

For example, cybersecurity researchers found that the Silence group has completely rewritten the TrueBot loader, the first-stage module on which the success of the group's entire attack depends. It was also found that the same hackers are using Ivoke, a fileless loader, and the EDA agent.

Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing an antivirus for Mac, like Antivirus CB from the AppStore, on every device that you own.

Pay attention, experts say: Silence also relies on spear-phishing emails that carry documents with macros or exploits, CHM files, and .LNK shortcuts as malicious attachments to initially compromise its victims.

Once a victim or targeted company is infected, the group uses more sophisticated TTPs and deploys additional malware, either TrueBot or a new fileless PowerShell loader called Ivoke. These steps help the group collect information about an infected system and send it to an intermediate CnC server.

The Silence APT group's latest campaigns, from May 2018 through 1 August 2019, made an estimated total of $4.2 million.

The growing threat posed by Silence and its rapid global expansion could affect everyone, everywhere. Here is how to protect yourself:

  • check every email you receive
  • never open email attachments from unknown sources
  • even if the sender is known, always make sure that you have one or more cybersecurity solutions protecting your system before opening anything received via email
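For mail administrators, the attachment types named above (macro documents, CHM files, .LNK shortcuts) can be flagged at the gateway by file signature as well as by extension. The sketch below is an added example, not code from the researchers or from any product mentioned here; the function names, labels and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
# File signatures for the attachment types the article names.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")  # .LNK header + CLSID
CHM_MAGIC = b"ITSF"                             # compiled HTML help (.chm)
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy Office container; may hold macros

def classify(name, data):
    """Return a label for a risky attachment, or None; content beats a renamed extension."""
    ext = name.lower().rsplit(".", 1)[-1] if "." in name else ""
    if data.startswith(LNK_MAGIC) or ext == "lnk":
        return "lnk-shortcut"
    if data.startswith(CHM_MAGIC) or ext == "chm":
        return "chm-help-file"
    if data.startswith(OLE_MAGIC):
        return "ole-document"
    if data.startswith(b"PK"):                  # OOXML (.docx/.xlsx) is a ZIP archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    return "ooxml-with-macros"
        except zipfile.BadZipFile:
            return "malformed-zip"
    return None

def scan_message(raw):
    """Parse a raw RFC 5322 message and list (filename, label) for flagged parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        label = classify(part.get_filename() or "", part.get_payload(decode=True) or b"")
        if label:
            findings.append((part.get_filename(), label))
    return findings

def build_sample():
    """Constructed message: a .LNK header renamed to .pdf, a macro .docx, a text note."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"constructed placeholder")
    for name, data in (("invoice.pdf", LNK_MAGIC + bytes(56)), ("report.docx", buf.getvalue())):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags the renamed shortcut and the macro document and leaves the plain text note alone.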

We will continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber-attacks. Remember to use an antivirus for Mac like Antivirus CB, which can be found on the AppStore and tried for free.