SilverTerrier: The Business Email Compromise (BEC) threat group tracked by Palo Alto as SilverTerrier has switched tactics to use COVID-19 themed lures since January 2020. The group has also started targeting government healthcare agencies, regional utility entities, COVID-19 response organizations, and medical research facilities, showing little restraint in who they are targeting in the scams. According to Palo Alto researchers, the SilverTerrier group alone averaged over 92,000 BEC attacks per month in 2019. BEC attacks are becoming more common amongst threat actors as a way to trick their targets into initiating fraudulent wire transfer into accounts the group runs through money mules. In the case of SilverTerrier, they are also known to include malicious tools in their emails such as Agent Tesla, AzoRult, Lokibot, Pony, and PredatorPain as information stealers and also Remote Access Trojans (RATs) such as Netwire, Darkcomet, Hworm, NanoCore, Remcos, ImminentMonitor, Adwind, Revenge, and WSHRat. By using these tools during their attacks, the threat actor is able to access and steal information from their victims after they manage to compromise their network.
Analyst Notes
BEC attacks are very common amongst threat actors. In this case, SilverTerrier is using its BEC attack to attempt to steal money as well as infect workstations with malware in order to steal sensitive information from the company. Monitoring workstations and servers with a service such as Binary Defense’s Managed Detection and Response (MDR) is crucial to detecting those malware tools being used and responding quickly to cut off the attackers’ remote access. Whenever wire transfers are requested via email, the recipient should be extra cautious and take the time to double-check with the requester to make sure it is a legitimate request.
More information can be read here: https://www.bleepingcomputer.com/news/security/silverterrier-bec-scammers-target-us-govt-healthcare-agencies/
