Cybercrime: Russian-speaking hacking group targeting banks in Africa

Experts at global cyber security company Kaspersky have warned that banks in sub-Saharan Africa are under intense cyberattack, probably from the infamous Silence hacking group.


Silence is known to be responsible for the theft of millions of dollars from banks across the world.

Thousands of attacks since the beginning of January 2020


The company says its security researchers have reported thousands of notifications of attacks on major banks since the first week of January. It is believed that the hackers are beginning the final stage of their operation: taking money from the banks they have successfully penetrated.


“We urge all banks to stay vigilant, as apart from the large sums [of money], the Silence group also steals sensitive information while monitoring the bank’s activity,” Kaspersky warned in a statement.

The inner workings of a typical cyberattack


The Silence group is one of the most active Advanced Persistent Threat (APT) groups. A typical cyberattack begins with a social engineering scheme: the attackers send a phishing e-mail containing malware to a bank employee.


From there, the malware gets inside the bank's security perimeter and lies low for a while, gathering information on the victim organisation by capturing screenshots and making video recordings of the day-to-day activity on the infected device, learning how things work in the targeted bank.


Once attackers are ready to take action, they activate all capabilities of the malware and cash out using, for example, ATMs. 

Who is the so-called Silence group?


Kaspersky researchers attribute the attacks to the Russian-speaking Silence group, based on the malware used in the attacks, which was previously used solely in the group’s operations. In addition, the language of the malware is Russian. The hackers attempted to slightly cover this fact by typing Russian words using the English keyboard layout.


“Silence group has been quite productive in the past years, as they live up to their name; their operations require an extensive period of silent monitoring, with rapid and coordinated thefts,” said Kaspersky security researcher Sergey Golovanov.


“We noticed a growing interest of this group in banking organisations in 2017 and since that time the group would constantly develop, expanding to new regions and updating their social engineering scheme.” 


Kaspersky detects the malware used in the operation as HEUR:Trojan.Win32.Generic and PDM:Exploit.Win32.Generic.

How to not fall prey to cyberattacks


To protect from this and similar attacks, Kaspersky advises financial organisations to apply the following measures:

- Introduce basic security awareness training for all employees so that they can better distinguish phishing attempts;
- Monitor activity in enterprise information systems from an information security operations centre;
- Use security solutions with dedicated functionality aimed at detecting and blocking phishing attempts. Businesses can protect their on-premise email systems with targeted applications inside the Kaspersky Endpoint Detection and Response (bit.ly/380Nvvp) or use the Kaspersky Anti Targeted Attack platform (bit.ly/2TiaYEh);
- Provide security teams with access to up-to-date threat intelligence data (bit.ly/2QN64NQ), to keep pace with the latest tactics and tools used by cybercriminals; and
- Prepare an incident response plan to be ready for potential incidents in the network environment.

Banks vs cybercriminals


Banks around the world constantly share intelligence on new methods and technologies used by cybercriminals. In this country, the South African Banking Risk Information Centre (Sabric) provides a forum for banks to distribute this information.


Figures contained in the Verizon 2019 Data Breach Investigations Report, published in May 2019, indicate that there were 41 686 data “incidents” and 2 013 confirmed breaches worldwide in the previous 12 months. A breach is defined as an incident that results in the confirmed disclosure or exposure of data.


South Africa’s Liberty financial services group suffered a data breach in June 2018 and the Bangladesh Bank lost a mammoth $81 million (about R1.2 billion) in 2016 when custom malware was introduced into its IT systems.