Russian Hackers Targeting Banks Worldwide

2019-08-21 by Michelle Dvorak

Russian Silence Hacking Group Targeting Banks Worldwide

Silence APT, an organized hacking group, has sent out over 170,000 phishing emails to develop targets and steal money from financial institutions worldwide, as reported by Group-IB cyber security researchers. The hackers' most recent cyber attack targeted Bangladesh-based Dutch-Bangla Bank. The bank lost over $3 million from a series of automated teller machine (ATM) cash withdrawals during an attack that persisted for several days.

Silence APT hackers begin their attacks by sending two phishing emails. After a successful infection, the hackers download malware to the infected system and move on to control cash machines. Cyber security researchers from Group-IB report that Silence APT compromised banks in India (in August 2018), Russia (February 2019), Kyrgyzstan (May 2019), Russia (June 2019), and Bulgaria (July 2019), as well as Chile, Ghana, and Costa Rica. In another attack, Silence stole $150,000 from ATMs in one night.

Silence hackers use a two-stage phishing email attack vector. The first phishing emails contain images or a link for the reader to click on. These emails do not contain malicious code or attachments and serve to refine the email list of targets. The second, spear-phishing email campaign begins the infection. The phishing emails usually contain Microsoft Word documents as attachments. The docs contain macros or exploits, CHM files, and .LNK shortcuts as malicious attachments to infect victims' machines with backdoors and downloaders. Upon successful infection, the hackers manually load TrueBot malware, also known as Silence.Downloader, onto the users' systems.
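For defenders, the attachment types named above can be triaged at the mail gateway by content rather than by file name. The following is an added example, not code from Group-IB or from this article: the labels, function names and the sample message are constructed for illustration, and an `ole-office` hit only means a legacy Office container that still needs macro inspection.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import Optional

# Leading bytes of the attachment types the article names.
MAGIC = {
    b"ITSF": "chm",                                      # compiled HTML help
    b"\x4c\x00\x00\x00\x01\x14\x02\x00": "lnk",          # Windows shortcut header
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole-office",   # legacy .doc; may carry macros
}

def classify(data: bytes) -> Optional[str]:
    """Return a label for risky content, judged by bytes rather than file name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    if data.startswith(b"PK"):  # OOXML (.docx/.docm) is a ZIP archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    return "ooxml-macro"
        except zipfile.BadZipFile:
            return "malformed-zip"
    return None

def triage(raw: bytes) -> list:
    """List (filename, label) for every flagged attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        label = classify(part.get_payload(decode=True) or b"")
        if label:
            hits.append((part.get_filename() or "(unnamed)", label))
    return hits

def build_sample() -> bytes:
    """Constructed message: three flagged attachments and one benign one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<constructed/>")
        z.writestr("word/vbaProject.bin", b"constructed")
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name, data in [("invite.docx", buf.getvalue()), ("help.pdf", b"ITSF" + bytes(16)),
                       ("scan.jpg", b"\x4c\x00\x00\x00\x01\x14\x02\x00" + bytes(16)),
                       ("agenda.txt", b"constructed benign text")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

The misnamed `help.pdf` and `scan.jpg` samples are flagged because the check reads the file signature, which is what catches a disguised attachment that an extension filter would pass.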

What is Silence APT?

Silence APT is a Russian Advanced Persistent Threat (APT) group. Silence hackers target banks and financial institutions to steal money. The hacking group is believed to have been in operation since about 2016.

Silence APT Cyber Attack History

The Silence hacking group's activities from May 2018 through 1 August 2019, as tracked by Group-IB cyber security specialists, are listed below. Money mules in Bangladesh were arrested, but the attacks still increased in frequency and geographical region. Group-IB Threat Intelligence reports on the Silence APT group's activities are available for download.

Advanced Persistent Threat List
  • 28 May 2018 – A Russian-language email phishing campaign was sent with a Microsoft Word attachment that contained an exploit for the CVE-2017-11882 vulnerability. The exploit installs Silence's loader
  • August 2018 – A bank in India was compromised by Silence
  • 16 October 2018 – Russian Silence hackers conducted a malicious campaign targeting Russian banks. The emails were sent from info @ bankuco. com
  • 18 October 2018 – Silence APT sent a test email campaign to UK financial companies
  • 18 October 2018 – Silence sent emails to Russian banks and digitally impersonated a legitimate bank due to the lack of SPF settings
  • 25 October 2018 – Silence sent emails from info @ bankuco . com to Russian banks. The emails refer to the opening and maintenance of a correspondent account and were sent from a non-existent bank name
  • 15 and 16 November 2018 – Silence sent a large-scale email phishing campaign posing as the Central Bank of the Russian Federation. The goal of the cyber attack was to deliver the second stage of Silence’s Trojan, Silence.MainModule
  • 20 November 2018 – A first-stage phishing campaign was sent to Asian banks
  • 25 and 27 December 2018 – A new malicious phishing campaign was sent from pharmkx[ . ] group and cardisprom[ . ]ru domains
  • 4 January 2019 – Silence attacked financial organizations in the UK with emails containing an attachment signed by SEVA MEDICAL LTD
  • 16 January 2019 – For the first time, Silence disguised a malicious attachment. It was a fake invitation to the international financial forum iFin-2019. The attachment contained Silence.Downloader (TrueBot) malware
  • February 2019 – Silence hackers compromised another Indian bank
  • February 2019 – Silence stole 25 million rubles (about $400,000 USD) from Russia's Omsk IT Bank
  • 21 May 2019 – Phishing emails were sent out purporting to be from the bank's client with a request to block a credit card. The emails contained a fileless Trojan, Ivoke backdoor
  • 20 June 2019 – Silence attacked banks in Russia
  • July 2019 – Banks in Chile, Bulgaria, Costa Rica and Ghana were compromised

What is an Advanced Persistent Threat Group?

Advanced Persistent Threat Groups are organized cyber criminals that hack corporations, governments, organizations, and individuals. Many APT groups work at the behest of a government entity. APT groups have different goals. While some are conducting corporate or political cyber espionage, others steal data, contacts, or money to fund other missions.

APT groups are assigned numbers to help cyber researchers track their activity. They are also given multiple names so as not to offend the governments that sponsor them. The names loosely follow a naming convention associated with each APT group's home country. For example, Chinese APT groups are named for Pandas while Iranian hacking groups are named for Persian Cats or oil industry terms. Iranian state-sponsored APT34 is also known as OilRig and HelixKitten. The United States APT group is called Equation Group.

Filed Under: News Tagged With: APT, Russia

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers
