A new Russian hacking group operating under the name of Silence has hit at least ten banks across the world with a piece of malware that opens up access to infected computers to compromise banking networks.
Kaspersky Lab researchers, who uncovered the group, say that Silence joins the ranks of the most devastating and complex cyber-robbery operations, such as Metel, GCMAN and Carbanak, which have succeeded in stealing millions of dollars from financial organisations.
The Silence Trojan compromises user PCs via spear phishing emails, dropping a malicious payload that is capable of monitoring its victim’s activities, including taking multiple screenshots of the day-to-day workload and providing a real-time video stream of user interactions. In this way, the criminals gain persistent access to internal banking networks for a long period, biding their time until they have gained the necessary knowledge and credentials to undertake a heist.
The criminals also exploit the infrastructure of already infected financial institutions for new attacks, by sending emails from real employee addresses to a new victim, along with a request to open a bank account.
Kaspersky says the Silence Trojan has so far been detected in the internal infrastructure of at least ten banks in multiple countries, including Russia, Armenia and Malaysia.
“The Silence Trojan is a fresh example of cybercriminals shifting from attacks on users to direct attacks on banks,” says Sergey Lozhkin, security expert at Kaspersky Lab. “We have seen this trend growing recently, as more and more slick and professional APT-style cyber-robberies emerge and succeed. The most worrying thing here is that due to their in-the-shadow approach, these attacks may succeed regardless of the peculiarities of each bank’s security architecture.”