Over the past year, the financial damage linked to the Russian-speaking threat group has spiked fivefold, Group-IP says.
APT Group- The Russian-language-speaking Silence APT group appears to be evolving into a major threat to banks and financial institutions everywhere, but especially so in Asia, Europe, Russia, and the former Soviet Union states.
Singapore-based security firm Group-IB, which has been tracking Silence since 2016, says over the past year the threat group has sharply increased the frequency of its attacks, begun targeting organizations in over two dozen countries, and added new weapons to its malware arsenal.
Some of the malware it has begun using suggests a link with TA505, a threat group perhaps best known for distributing the Dridex banking Trojan and other malware via very high-volume spam campaigns, Group-IB said this week.
Between last September, when Group-IB first released a detailed report on Silence APT, and now, confirmed total financial losses stemming from the group’s activities has surged fivefold — from around $800,000 to $4.2 million, the security firm said.
Rustam Mirkasymov, threat intelligence expert at Group-IB, says Silence has evolved from being a mistake-prone, copycat group to one of the most sophisticated threat actors targeting organizations in the financial sector in Russia, Europe, and especially Asia.
“Given that the gang represents a growing threat to the financial sector worldwide, banks and financial organizations need to be aware of the threat,” he says. “Know their tactics and rapidly evolving tools to be able to detect and prevent the gang’s attacks at early stages.”
Silence APT’s typical modus operandi has been to try and gain initial access to a target bank network via malware embedded in phishing emails. It has then used that foothold to look for and plant malware on banking systems that allow money mules to later make fraudulent withdrawals from the bank’s ATMs.