Russian-speaking hackers are linked to the theft of 800k USD from European banks
At least one of the members of a newly discovered malicious hackers group seems to be an employee (old or current) of a cybersecurity company, as reported by ethical hacking specialists. The report, published by a Moscow-based cybersecurity firm, analyses the activity of a previously unreported cybercriminal group called Silence.
According to this report, this group has spent the last three years deploying silent cyberattacks in different financial institutions in Russia and Eastern Europe.
The group went unnoticed for years, mainly because of its willingness to use legitimate tools and applications included in the victims’ computers, a practice known as “living of the earth”. However, it is reported that Silence has also developed its own tools, for example:
- Silence: A framework for infrastructure attacks
- Atmosphere: A set of software tools for ATMs cash-out
- Farse: A tool to obtain passwords from a compromised device
- Cleaner: A tool for logon deleting
These tools, jointly with the group’s mode of operation, have helped them to go unnoticed for much longer than many of his counterparts. By analyzing this mode of operation, Russian experts in ethical hacking have been able to identify the attacks perpetrated by Silence. The first hack attributed to Silence took place in July 2016; it was a failed attempt to withdraw money through the Russian interbank transaction system known as the Automated Work Station Client (AWS).
According to the report, hackers gained access to the system, but the attack was unsuccessful due to inadequate payment order preparation, so bank employees were able to cancel the transaction.
However, the bank’s remediation efforts were not enough and Silence regained access to the same bank’s network a month later; although this time they adopted another approach. Hackers downloaded the software to take screenshots and proceeded to investigate the work of the operator using video transmission, although this attack was also stopped.
However, Silence did not surrender and in October 2017 they finally managed to hack into a banking institution and steal some money. For doing so, the group stopped trying to transfer money using the AWS system and switched to the bank’s ATM control systems, which makes the ATMs emit cash at a given time, an attack known as jackpotting.
Ethical hacking specialists from the International Institute of Cyber Security mention that, thanks to this tactic, Silence was able to steal more than 100k USD during its first successful cyberattack. Other attacks that repeated the same pattern were later discovered and were linked to the Silence group in the following months, such as the theft of more than 550k USD in February 2018 and another 150k USD in April 2018.