Group-IB published a report about Silence APT operations

Researchers from Group-IB recently released an analysis report on the Silence APT hacking group. According to the report, Silence is adopting new technologies to increase the intensity and scope of its attacks. The researchers say the group has been active since September 2016. Its initial targets were mainly financial institutions in the Commonwealth of Independent States, and it has since extended its attacks to more than 30 countries in the Americas, Europe, Africa, and Asia.

Experts say: “Silence has also changed their encryption alphabets, string encryption, and commands for the bot and the main module. Moreover, the actor has completely rewritten TrueBot loader, the first-stage module, on which the success of the group’s entire attack depends. Due to ongoing investigations, the new report features the detailed analysis of two of Silence’s recent attacks, as well as descriptions of their TTPs.”

Before launching an attack, the group sends an ordinary email to identify active email addresses. Once a target is determined, the group hides documents with macros or exploits in a phishing email and sends it to the target mailbox. After a successful intrusion, the attackers use more complex TTPs and implant other malware to steal system information.

The data showed that between May 2018 and August 1, 2019, the organization’s malicious activities caused a total loss of $4.2 million.