Hackers tiptoe out, launch Silence trojan, quietly raid banks of meeelllions
They're exploiting already infected bodies, say researchers
Cybercrooks are directly attacking banks in multiple countries using a trojan dubbed Silence.
At least 10 financial organisations in multiple regions including Russia, Armenia, and Malaysia have been targeted by the so-called Silence crew in a series of ongoing attacks.
While stealing funds from its victims, Silence uses techniques similar to those of the previously discovered Carbanak crew, according to Kaspersky Lab.
Both groups have a similar modus operandi. After first achieving persistent access to internal banking networks for a long period, the groups then monitor day-to-day activity and examine the details of each separate bank network. Once the time is right, the hackers use this gathered knowledge to steal as much money as possible.
The amount of money already stolen by the group remains unknown but it is conservatively estimated to run into the millions.
Spear-phishing email in Russian [source: Kaspersky Lab blog post]
Silence attacks typically begin with spear phishing emails. These attacks, if successful, result in the planting of a backdoor on a target's PCs. The Silence crew have put together a twist on this well-worn theme.
"The criminals exploit the infrastructure of already infected financial institutions for new attacks, by sending emails from real employee addresses to a new victim, along with a request to open a bank account," Kaspersky Lab reports. "Using this trick, criminals make sure the recipient is [not] suspicious of the infection vector."