Russian hacker group Silence attacks multiple banks in Africa

Multiple banks operating in the southern African region have received thousands of complaints from their users about unauthorized operations resulting from a potential cyberattack. Kaspersky’s ethical hacking experts claim that affected banks have been infected with a malware variant developed by the dangerous hacker group known as Silence, which on previous occasions managed to steal millions of dollars from banks around the world.

Silence is a group of malicious hackers specializing in theft from banking institutions. In the past, researchers and security firms have managed to unravel Silence’s attack method, which begins with a social engineering campaign and sending phishing emails to employees of the target bank.

These emails contain malware, which the hackers use to access corporate networks and, stealthily, begin to collect information about the target. According to ethical hacking experts, after spending some time analyzing the compromised network, the hackers activate the malware’s full set of features to steal the money, mainly through fraudulent withdrawals at ATMs, an activity known as “jackpotting”.

After a period with no sign of their presence, it appears that Silence’s hackers have struck again. Reports of this new wave of attacks began during the first days of January, although the last stage of the attack, which consists of the withdrawal of funds, has not yet begun.

While further details remain unknown, Kaspersky’s ethical hacking experts say it is highly likely that Silence is behind these attacks in Africa, as malware samples collected over the past few weeks point towards tooling developed by these threat actors. Apparently, one of the clearest indicators of the malware’s provenance is its misuse of English.

This attack campaign is not yet considered complete, so the International Cyber Security Institute (IICS) recommends that staff working in any area of a banking institution refrain from opening suspicious-looking emails or messages sent by an unknown user, regardless of whether the sender poses as a supposed executive or company. If these messages include attachments or links to external sites, it is critical not to interact with that content.