Russian Hacking Group “Silence” Made Over $800,000 From Attacking Bank ATMs

The world has seen its fair share of cybercriminal gangs. The cyber criminal group “Silence” is rising among the ranks it would seem. Group-IB, a cybersecurity company was able to identify and expose the crimes committed by Silence. The gang’s main targets are banks, especially those in Russia, although attacks have been noted to be on a global scale. Judging by the tactics used by the group during their attacks, it has been assumed that at least one member from the team must have been a security specialist relating to banking before turning rogue. So far, Silence has stolen over $800,000 from banks.

Silence started out as a small group, with underdeveloped tactics of attack at first. They were identified back in 2017 after stealing $100,000. Autumn 2017 saw a rise in the group’s activity. Silence has ramped up it’s efforts as can be seen from its previous confirmed thefts, which accumulated to above $550,000 in 2018. That’s over a fivefold increase in just one year. Talk about growth.

As can be discerned from research, Silence is a small team of Russian-speaking hackers. This has been confirmed based on the language used in their commands as well as the location of their main targets (mostly Russia, Ukraine, Belarus, Azerbaijan, Poland, and Kazakhstan). It’s assumed there are two members in the group; one playing the role of a developer and the other being an operator. The gang carefully choose their targets, and takes more time to execute an attack, when compared to other groups.  The developer in the group has reverse-engineering skills and is responsible for developing the attack tools and carrying out exploits. After the developer does his part, the operator takes over and navigates his way around the banking infrastructure, utilizing the tools created by the developer.

Silence’s attacks are primarily implemented using phishing emails. They began with hacked servers, and later turned to registered phishing domains. During their first attacks, the team used the Kikothac backdoor, which was borrowed. Later on, they began creating their own tools for card processing and ATM attacks. Some of such created tools includes Silence–a framework for infrastructure attacks, Farse–a tool used to get passwords from computers, Atmosphere–a bunch of software tools for ATM attacks and Cleaner– used to remove logs.

Silence’s activity began in 2016, with a failed operation when they tried to withdraw money through AWS CBR. From 2017, they began a barrage of attacks against ATMs, and successfully stole $100,000 in just one night.  By 2018, with the knowledge of supply-chain attack, they stole $550,000 from banks and got an added $150,000 from ATMs. It’s assumed the team have carried out other attacks, which are yet to be identified and confirmed.

Dmitry Volkov, the Chief Technology Officer and Head of Threat Intelligence at Group-IB, had something to say concerning this cybergang:

“Silence, in many ways, is changing the perception of cybercrime in terms of the nature of the attacks, the tools, tactics, and even the members of the group. It is obvious that the criminals responsible for these crimes were at some point active in the security community. Either as penetration testers or reverse engineers. They carefully study the attacks conducted by other cybercriminal groups, and analyse antivirus and Threat Intelligence reports. However, it does not save them from making mistakes; they learn as they go. Many of Silence’s tools are legitimate, others they developed themselves and learn from other gangs. After having studied Silence’s attacks, we concluded that they are most likely white hats evolving into black hats. The Internet, particularly the underground web, favours this kind of transformation; it is now far easier to become a cybercriminal than 5–7 years ago—you can rent servers, modify existing exploits, and use legal tools. It makes things more complicated for blue teams and much easier for hackers.”

Related posts

Apple Addressed Two Zero-Day Flaws In Intel-based Macs

Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites

Glove Stealer Emerges A New Malware Threat For Browsers