Russian Hacking Group

Russian Hacking Group

Russian Hacking Group- Silence APT, a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia.

Active since at least September 2016, Silence APT group’s most recent successful campaign was against Bangladesh-based Dutch-Bangla Bank, which lost over $3 million during a string of ATM cash withdrawals over a span of several days.

According to a new report Singapore-based cybersecurity firm Group-IB shared with The Hacker News, the hacking group has significantly expanded their geography in recent months, increased the frequency of their attack campaigns, as well as enhanced its arsenal.

The report also describes the evolution of the Silence hacking group from “young and highly motivated hackers” to one of the most sophisticated advanced persistent threat (APT) group that is now posing threats to banks worldwide.

Silence APT hacking group has updated their unique TTP (tactics, techniques, and procedures) and changed their encryption alphabets, string encryption, and commands for the bot and the main module to evade detection by security tools.

“In addition, the actor has completely rewritten TrueBot loader, the first-stage module, on which the success of the group’s entire attack depends. The hackers also started using Ivoke, a fileless loader, and EDA agent, both written in PowerShell,” the researchers said.

EDA is a PowerShell agent, designed to control compromised systems by performing tasks through the command shell and tunneling traffic using the DNS protocol, and is based on the Empire and dnscat2 projects.

hacking groups

Just like most hacking groups, Silence gang also relies on spear-phishing emails with macros Docs or exploits, CHM files, and .LNK shortcuts as malicious attachments to initially compromise their victims.

Once in a victim organization, the group leverages more sophisticated TTPs and deploy additional malware, either TrueBot or a new fileless PowerShell loader called Ivoke, both designed to collect information about an infected system and send it to an intermediate CnC server.

Read More Here

Article Credit: The Hacker News

Leave a Reply

Your email address will not be published.