Russian APT 'Silence' Steals $3.5 Million in One Year

A Russian-speaking threat group has managed to steal roughly $3.5 million since September 2018 by increasing the frequency of attacks, Singapore-based cybersecurity firm Group-IB reveals.


Tracked as Silence, the APT group was initially detailed a year ago, when it was only targeting 25 post-Soviet states and neighboring countries. Since then, however, the actor has expanded its operations globally, made changes to its TTPs, and also enhanced its arsenal of tools.


Over the past year, at least 16 new campaigns targeting banks in more than 30 countries across Europe, Latin America, Africa, and Asia have been associated with Silence. The total incurred losses have increased five-fold, from just $800,000 to $4.2 million, Group-IB’s security researchers reveal.


One attack attributed to Silence targeted Dutch-Bangla Bank, where money mules were caught on CCTV footage withdrawing cash from the bank’s ATMs. Other incidents were detected in India (August 2018), Russia (February 2019 and June 2019), Kyrgyzstan (May 2019), Chile, Ghana, Costa Rica, and Bulgaria (July 2019).


Additionally, the hackers have conducted one of their largest reconnaissance campaigns to date in Asia, which suggests they have a special interest in the region, Group-IB explains in a report shared with SecurityWeek.


The APT relies on phishing for initial compromise, but starting in October 2018 it was observed sending reconnaissance emails as a preparatory stage. The message mimics a “mail delivery failed” notice and carries a link with no malicious payload; it lets the attackers compile a list of valid email addresses while also learning which security solutions the targeted company uses.
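The defensive counterpart to the technique described above is to spot bounce lookalikes at the mail gateway: a genuine non-delivery report is generated by a mail server and is structured as a `multipart/report` message, whereas a reconnaissance lure is usually an ordinary text message from an external sender whose only purpose is a clickable link. The script below is an added example, not Group-IB's detection logic or anything from the report; the domain names, subject phrases and sample messages are constructed for illustration, and the heuristic is deliberately simple (it will miss lures that forge a report structure and should be one signal among several).

```python
"""Heuristic triage of bounce-lookalike reconnaissance emails (added example).

A real non-delivery report (NDR) normally has Content-Type multipart/report
with report-type=delivery-status. A recon lure imitating an NDR is typically
plain text or HTML from an external sender and contains a tracking link.
Flag messages that claim to be bounces, lack bounce structure, and link out.
"""
import re
from email import message_from_string
from email.message import Message

# Domains operated by the defending organisation (assumed placeholder values).
OWN_DOMAINS = {"example-bank.test"}
# Subject phrases typical of NDRs (constructed list; extend for your gateway).
NDR_SUBJECT_RE = re.compile(
    r"(mail delivery failed|undeliverable|delivery status notification|returned mail)", re.I)
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)


def _is_own_domain(domain: str) -> bool:
    domain = domain.lower()
    return any(domain == d or domain.endswith("." + d) for d in OWN_DOMAINS)


def _body_text(msg: Message) -> str:
    """Concatenate all text/plain and text/html bodies of a message."""
    parts = []
    candidates = msg.walk() if msg.is_multipart() else [msg]
    for part in candidates:
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True)
            if payload:
                parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def sender_domain(msg: Message) -> str:
    match = re.search(r"@([A-Za-z0-9.-]+)", msg.get("From", ""))
    return match.group(1).lower() if match else ""


def triage(raw: str) -> dict:
    """Return the signals and the combined verdict for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    looks_like_ndr = bool(NDR_SUBJECT_RE.search(msg.get("Subject", "")))
    # Server-generated bounces use multipart/report; a text-only "bounce" is odd.
    is_real_report = msg.get_content_type() == "multipart/report"
    external_links = sorted({d.lower() for d in URL_RE.findall(_body_text(msg))
                             if not _is_own_domain(d)})
    from_external = not _is_own_domain(sender_domain(msg))
    suspicious = looks_like_ndr and not is_real_report and bool(external_links)
    return {
        "looks_like_ndr": looks_like_ndr,
        "is_real_report": is_real_report,
        "external_links": external_links,
        "from_external": from_external,
        "suspicious": suspicious,
    }


# Constructed sample 1: a genuine bounce from the organisation's own relay.
REAL_NDR = """\
From: MAILER-DAEMON@mail.example-bank.test
To: alice@example-bank.test
Subject: Mail delivery failed: returning message to sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

This message was created automatically by mail delivery software.
--b1
Content-Type: message/delivery-status

Action: failed
--b1--
"""

# Constructed sample 2: a bounce lookalike from outside carrying a tracking link.
LURE = """\
From: postmaster@mail-service-notify.test
To: bob@example-bank.test
Subject: Mail delivery failed: returning message to sender
Content-Type: text/plain; charset="utf-8"

Your message could not be delivered. View the details here:
http://tracker.delivery-report.test/r?id=constructed-sample
"""

# Constructed sample 3: ordinary internal mail with an internal link.
INTERNAL = """\
From: carol@example-bank.test
To: bob@example-bank.test
Subject: Quarterly report draft
Content-Type: text/plain; charset="utf-8"

Draft is at https://intranet.example-bank.test/reports/q3
"""

if __name__ == "__main__":
    for name, raw in (("real NDR", REAL_NDR), ("lure", LURE), ("internal", INTERNAL)):
        print(name, triage(raw))
```

Feeding the gateway's inbound queue through `triage` and routing `suspicious` hits to a quarantine or an analyst gives early warning that address enumeration is under way, which is the stage at which a later phishing wave can still be prepared for.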


Group-IB says it has identified at least three major reconnaissance campaigns spread across Asia, Europe and post-Soviet countries, with over 170,000 such “recon” emails. The largest of them was targeting Asia, with nearly 80,000 emails sent to organizations in Taiwan, M ..
