Silence: The cyber-crime group Silence has been active again, targeting financial institutions in sub-Saharan Africa. Recently, researchers have flagged thousands of notifications of attacks on major financial institutions throughout the region. The malware used, as well as the timeline of the activity on the victim’s systems, indicate that the campaign is likely being run by Silence. The attacks were first detected during the first week of January 2020 and indicated that the group may be entering the final stage of their operation, which will result in the cashing out of funds.
Analyst Notes
Silence gained their name from the way that they operate. The group is known for gaining access and then operating quietly to remain undetected on a victim’s network for extended periods of time. Previously, the group’s operations have focused on financial institutions in Europe and Asia. Each time the group becomes active, they have expanded their geographic area of operations and the means by which they use social engineering to gain the initial access into victim’s networks. Because of this, it is vital that financial institutions implement training programs for all employees on how to recognize social engineering attempts and phishing emails. Constant monitoring of log files for patterns of attacker behavior and detecting threats on workstations and servers using Endpoint Detection and Response (EDR) tools are also important means of detecting attacks and recovering from attacks as quickly as possible. More information can be found on this incident at https://www.timeslive.co.za/news/south-africa/2020-01-13-notorious-silence-hacking-group-targeting-banks-in-sub-saharan-africa/
