New details have been released about a cybercriminal group called Silence, which has been active for the past three years. The group, thought to be made up of just two people, is believed to consist of former security professionals working together to mainly target Russian banks. It has managed to steal over $800,000 from banks across Russia. Silence is suspected to be Russian, based on its targets and the modifications it has made to exploits to make them work in its favor. Silence has also been seen attacking banks in Ukraine, Poland, Belarus, Azerbaijan, and Kazakhstan.

The group started by taking exploits and tools that were already available and modifying them to work in the environments it needed them to. After a short time, the group began creating its own tools and began using a tactic called “living off the land,” in which it used legitimate apps and tools found on the victims’ computers. The tools the group made include ones for infrastructure attacks, software to attack ATMs, a tool to steal passwords, and a log cleaner. The way these tools were developed and the group’s “lay low” mentality helped it stay under the radar for so long.

Like most threat actor groups that attack the financial industry, Silence begins an attack with a phishing email to compromise one account or machine. Afterwards, it uses its tools to carry out the attack. Compared to other threat actors that attack banks, this group is very small and has not made anywhere near the profits that other groups have, but for a two-man group, the team has caused some damage.