This hacker group attacks banks around the world to cash out ATMs

Cybersecurity services specialists have reported detecting a hacking campaign run by a cybercriminal group that specializes in attacks against banking institutions; the campaign was detected in four different locations in Asia: Sri Lanka, India, Kyrgyzstan and Bangladesh.

The group has been identified as “Silence”; it has been active since at least 2016 and has a presence in multiple countries of the former Soviet Union. In one of the attacks, at Bangladesh’s Dutch Bangla Bank Limited, the hackers managed to steal more than $3 million USD through several ATM attacks (a practice known as jackpotting) over the past month; this is the first time the group’s presence has been detected in Asia.

Rustam Mirkazymov, a researcher at a cybersecurity services firm, claims that hackers appear to have injected dangerous malware into Bangladesh’s bank networks. The malware contained various modules for executing malicious commands on the infected host, in addition to configuring proxy servers to hide illegitimate traffic. Using this access, Silence organized the massive attack on the compromised bank’s ATMs.

Further details of these attacks are still unknown. However, a video posted on YouTube identified two men, allegedly Ukrainian, visiting various ATMs at Dutch Bangla Bank; after making some calls, the individuals proceeded to withdraw huge amounts of money. The criminals also cloned bank cards from multiple bank customers before carrying out the jackpotting attack.

This mode of operation suggests that the hackers could have used their access to the banking network, with the help of the Atmosphere malware, to authorize fraudulent transactions without raising the suspicions of banking security equipment.

According to cybersecurity services specialists from the International Institute of Cyber Security (IICS), this hacker group began a mass phishing campaign in late 2018, targeting banking institutions around the world. This series of attacks appears to be the final stage of that malicious campaign, which has already generated million-dollar losses for affected banks. Despite the havoc it has caused, specialists believe this is actually a small operation involving at least two people; it is suspected that one of these people could be a cybersecurity professional.