Russian hacking group Silence APT now aggressively targeting banks across Asia-Pacific

Financial damage linked to Silence APT has increased about five times over the past year

Russia-linked hacking group Silence APT has customised its arsenal to more aggressively target financial institutions - with a campaign currently targeting banks in Asia.

That's according to the latest report by Singapore-based cybersecurity firm Group-IB, which claimed that the financial damage linked to Silence APT has increased by 500 per cent over the past year.

In its report, Group-IB details the evolution of Silence APT from a "small, young, cybercrime group" to an advanced persistent threat (APT) group that is now carrying out attacks on banks worldwide.

Silence APT has been active since at least September 2016, according to the researchers. One of its most recent campaigns in the Asia-Pacific region was tracked in May 2019, when it stole sensitive customer data from the Dutch-Bangla Bank in Bangladesh and reportedly withdrew $3 million in cash from the bank's ATMs.

In November 2018, the group sent nearly 80,000 spear-phishing emails to people across Asia, of which at least 2,352 were intended for individuals based in Singapore.

According to the Group-IB researchers, Silence APT has enhanced its unique tactics, techniques, and procedures (TTPs) in recent months and has also modified the encryption alphabets and commands for the main module and the bot to escape detection by cybersecurity tools.

The group has modernised its first-stage module, the TrueBot loader, and has also started using an EDA agent and a fileless loader named Ivoke (both written in PowerShell).

On top of that, Silence APT also uses spear-phishing emails with malicious attachments, such as CHM files, macro-enabled documents, and .LNK shortcuts, to initially compromise victim machines. After gaining entry into the target network, the group deploys additional malware, either Ivoke or TrueBot, to collect further details about the infected machine. Those details are then sent to an intermediate command-and-control server.
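As an added illustration of the defensive side of that initial-access stage (this is example code written here, not part of the Group-IB report or any Silence tooling), the following mail-gateway check identifies the three lure types named above by content rather than by file name alone: CHM files by their "ITSF" header, .LNK shortcuts by their fixed header and CLSID, and Office documents by the presence of a vbaProject.bin part. The sample attachments are constructed in the script.

```python
import io
import zipfile
from typing import List, Optional, Tuple

# Well-known file signatures (not from the report).
CHM_MAGIC = b"ITSF"
# Shell link header: HeaderSize 0x4C followed by CLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c000000000000046")
RISKY_EXTENSIONS = (".chm", ".lnk", ".docm", ".xlsm", ".pptm")


def build_macro_document() -> bytes:
    """Construct a minimal OOXML container carrying a VBA project (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\x00")  # macro project part
    return buf.getvalue()


def classify_attachment(name: str, data: bytes) -> Optional[str]:
    """Return a reason string if the attachment matches one of the lure types
    described above, otherwise None. Content checks run first so a renamed
    file (e.g. a .LNK saved as 'invoice.pdf') is still caught."""
    if data.startswith(CHM_MAGIC):
        return "compiled HTML help (CHM) file"
    if data.startswith(LNK_MAGIC):
        return "Windows shortcut (.LNK) file"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "Office document containing a VBA macro project"
    # Fallback on the extension when the content could not be recognised.
    if name.lower().endswith(RISKY_EXTENSIONS):
        return "risky attachment extension (content check inconclusive)"
    return None


def scan_message(attachments: List[Tuple[str, bytes]]) -> List[Tuple[str, str]]:
    """Scan (filename, bytes) pairs and return the attachments worth alerting on."""
    hits = []
    for name, data in attachments:
        reason = classify_attachment(name, data)
        if reason:
            hits.append((name, reason))
    return hits


if __name__ == "__main__":
    sample = [("help.chm", CHM_MAGIC + b"\x03\x00\x00\x00"),
              ("invoice.pdf", LNK_MAGIC + b"\x00" * 56),
              ("report.docm", build_macro_document()),
              ("notes.txt", b"plain text")]
    for hit in scan_message(sample):
        print(hit)
```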

The Group-IB report reveals that over the past year (from May 2018 through 1 August 2019), the amount of money stolen by the group increased nearly fivefold (estimated loss of about $4.2 million).

"Given that the gang represents a growing threat to the financial sector worldwide, banks and financial organisations need to be aware of the threat," says Rustam Mirkasymov, threat intelligence expert at Group-IB.

"Know their tactics and rapidly evolving tools to be able to detect and prevent the gang's attacks at early stages."

Russian hackers are increasingly targeting financial institutions and government systems across Europe and the US, according to security researchers.

Earlier this month, Microsoft said that it had observed a hacking group linked to the Russian state targeting Internet-of-things (IoT) devices in a bid to breach secure corporate networks.

In 2018, the US Federal Bureau of Investigation concluded that the Russian threat group APT28 was responsible for infecting over 500,000 consumer-grade routers in more than 50 countries. The group is also linked with the hacking of the Democratic National Committee (in 2016) and France's TV5Monde TV station, among others.

In April last year, Germany also blamed the Russia-backed APT28 group for launching a cyberattack on its foreign ministry. The attack was uncovered in December 2017.