In 2016, the group started out timidly and learned the ropes through early hacks. It has since stolen at least 4.2 million dollars, first from banks in the former Soviet Union, followed by victims in Europe, Latin America, Africa and Asia. Researchers at Group-IB, a Singapore-based attack prevention cybersecurity company, tracked Silence early on and believe Silence's members to be familiar with white-hat security activity. A study last year outlined the tools, capabilities, failures and successful bank robberies of the Silence hackers. Researchers were aware of bank jobs in September 2018 that brought the group more than $800,000. In today's new study, Group-IB shares more information about the tactics, methods and procedures of the hackers to help other researchers identify and correctly attribute attacks early.

# New tools and tactics

Silence has enhanced its operational security and modified its toolkit to avoid detection. Besides revising the first-stage module (Silence.Downloader / Truebot), the group started using a PowerShell-based fileless loader called Ivoke. A new PowerShell agent, called EmpireDNSAgent (EDA), is used to move laterally across the victim network; it is based on the recently abandoned Empire framework and the dnscat2 project. In October 2018, Silence began sending reconnaissance emails to prepare for an attack. Such a message would be harmless and would appear to be an automated reply to a failed delivery.

The purpose was to obtain from the target an updated list of active email addresses. Silence sent more than 170,000 e-mails to Asia, Europe and post-Soviet countries during three separate campaigns against victims, says Group-IB.

## Victims on almost every continent

When expanding to Asia, the hackers sent around 80,000 emails to targets in 12 countries. As seen in the picture below, Taiwan, Malaysia and South Korea are the major targets. The campaign for the reconnaissance of European financial institutions was the smallest, with fewer than 10,000 messages. The focus was on UK financial firms.

After confirming email addresses, the actor moves to the next stage of the attack and sends a payload message that downloads Silence-specific malware. Self-developed tools or binaries are then placed on the target system for persistence and lateral movement. The attacker finally reaches the card processing system and can control ATMs with the Atmosphere Trojan or a program called xfs-disp.exe to dispense cash to money mules at set times.

## Silence hard at work

The latest Silence Activity Report from Group-IB covers the period from 28 May 2018 to 1 August 2019. Investigators traced attacks and phishing campaigns against banks primarily in Russia. The hackers used every resource and opportunity. For example, they took advantage of the absence of the Sender Policy Framework (SPF) to impersonate a real bank and, in another case, to send messages purporting to come from the Central Bank of the Russian Federation. In early 2019, the Silence group started moving towards European targets and attacked a financial organization in the UK. They sent a file with a valid SEVA Medical LTD signature. However, they have not shifted focus away from Russian banks. By February the threat actor had compromised Omsk IT Bank and, according to public reports at that time, was able to steal about 400,000 dollars. At the end of May, Bangladeshi news outlets reported that several masked men withdrew $3 million or more from cash machines belonging to Dutch Bangla Bank. These were cash mules, and the CCTV system recorded them. Security camera footage shows how they insert the card into the ATM and wait until the cash comes out.
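The impersonation described above works because a domain with no SPF record gives receiving mail servers nothing to check the sending IP against. The following simplified SPF evaluator is an added example (not code from Group-IB or from the report) that a defender can use offline to see what result a receiver would reach for a given sending IP; the domain names, records and IPs are constructed, and `include:`, `a`, `mx` and `redirect` are deliberately not resolved.

```python
import ipaddress

# Constructed sample TXT records keyed by domain (offline; no live DNS lookups).
SAMPLE_SPF = {
    "bank-with-spf.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all",
    "bank-softfail.example": "v=spf1 ip4:203.0.113.10 ~all",
    "bank-without-spf.example": None,  # no SPF record published at all
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, sender_ip):
    """Evaluate a simplified SPF record (ip4/ip6/all mechanisms) for sender_ip.

    Returns one of: none (no usable record), pass, fail, softfail, neutral.
    A "none" result is exactly the gap the text describes: any sending host
    can claim the domain and SPF will not object.
    """
    if not record:
        return "none"
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier per RFC 7208
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6") and arg:
            # Version mismatch (IPv4 address vs ip6 network) simply does not match.
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term present


def spoofing_check(domain, sender_ip, records=SAMPLE_SPF):
    """SPF result a receiver would reach for mail claiming to be from domain."""
    return evaluate_spf(records.get(domain), sender_ip)


if __name__ == "__main__":
    for d in SAMPLE_SPF:
        print(d, spoofing_check(d, "203.0.113.99"))
```

A domain that returns "none" here should publish a record ending in `-all`; pairing it with DMARC lets receivers act on the failure rather than merely record it.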

Researchers believe that the ATMs were controlled by the Atmosphere Trojan or 'xfs-disp.exe', because no malware was found in the cash machines. Attacks attributed to Silence by Group-IB have been effective in Chile, Bulgaria, Costa Rica, Ghana and India. Silence relies on strong tools that are not used by other groups and continues to adapt its playbook to stay ahead of security solutions and researchers.

Group-IB believes there might be a link between Silence and TA505, a second group using FlawedAmmyy.Downloader to target financial-sector victims. "A comparative analysis of Silence.Downloader and FlawedAmmyy.Downloader revealed that these programs were developed by the same person – a Russian speaker who is active on underground forums." But this is where the common ground ends, as TA505 uses a completely distinct operational infrastructure. Rustam Mirkasymov, Head of Group-IB's Department for Dynamic Malware Analysis, said the inexperienced group which the firm started monitoring three years ago no longer exists. The group "has evolved into one of the most sophisticated threat actors targeting the financial sector not only in Russia, but also in the Americas, Europe, Africa, and especially Asia," said the researcher.