Posted on August 21, 2019 at 7:29 PM
Silence Hacking Crew Is Now Focusing on Banks in the Asia Pacific Region
A single hacking group has managed to terrorize the planet after stealing more than 160,000 email addresses and $4.2 million in over 30 countries. The Russian-speaking Silence APT (advanced persistent threat) group is now shifting its focus on an emerging, profitable market: the Asia Pacific region.
According to the latest reports, Silence is now performing its operation in the APAC region and customizing its resources to conduct targeted attacks. It has already managed to steal millions of dollars from financial institutions in the area, and there are no indications of them stopping now.
A Profitable and Promising Area
Maybe the group should consider changing its name, with all the noise it is causing because of its repeated attacks. Some of the targeted countries in the area are emerging financial powerhouses such as South Korea, Taiwan, Malaysia, Singapore and other countries in the geographical area, per a report from Singapore-based online security company Group-IB.
One of Silence’s most significant moves in 2019 has been the Dutch-Bangla Bank one. It has been attributed to the group, and it occurred in the month of May in Bangladesh, not coincidentally, a country in the Asia Pacific region. The financial institution reported the loss of approximately $3 million, money that was taken from ATMs by masked people that were, purportedly, related to Silence.
Of course, that wasn’t the first time that APAC banks were targeted by the APT group, and it probably won’t be the last. Near the end of 2018, specifically in November, the association sent roughly 80,000 reconnaissance emails to people in Asia according to reports. A minimum of 2,352 of them was intended for recipients in Singapore, a nation that has blossomed financially, and because of that, it has become an attractive target for hackers and cybercriminals in the continent.
A Marked Evolution
Group-IB’s most recent report names Silence and identifies it as having evolved from a small and inexperienced cybercrime association with rudimentary resources to an APT powerhouse that is now representing a real threat to banks all over the world, most notably in Asia. In its early days, the group used to direct its attacks to post-Soviet nations, but it has now expanded its reach.
The Group-IB folks have been describing Silence’s modus operandi, in the form of tactics, techniques, and procedures (TTPs) since September 2018. It observed that while it lacked experience in breaching banks in comparison to other associations, it made up for this situation by carefully studying and adapting other group’s strategies and approaches.
An example of that situation is the fact the Silence implemented Kikothac, a backdoor it borrowed from another entity, as a testing resource before coming up with their own tools and resources to attack ATMs and systems that process cards.
Drawing Attention
Naturally, and because of the magnitude of its latest operations, online security experts and researchers have been scrutinizing its every move, which is also true for any APT group. Usually, Silence’s reconnaissance emails have links with no malicious payload, but it is actually a strategy that allows the hacking association to obtain further email addresses for future offenses.
While companies and financial institutions in the area are certainly aware of the fact that there is a recent threat to their operations, experts in cybersecurity insist on adopting an enhanced focus on safety and being mindful of the current limitations of specific security measures.
The message is clear: there is more work to be done to achieve protection against APT groups like Silence, despite the fact that APAC, as a region, is working towards the coordination of common cybersecurity approaches and techniques.
According to a recent study, healthcare institutions in the Asia Pacific area stand to lose approximately $23.3 million in hacking and cyber attacks. In Australia alone, roughly 800 different data breach events were reported a year after the nation introduced changes to the data breach notification scenario.
