Cybersecurity services specialists report the detection of a hacking campaign operated by a group of cybercriminals specializing in attacks against banking institutions; the campaign was detected in four different locations on the Asian continent: Sri Lanka, India, Kyrgyzstan and Bangladesh.
This hacker group has been identified as
“Silence”, has been active at least since 2016 and has a presence in
multiple countries of the former Soviet Union. In one of the attacks at
Bangladesh’s Dutch Bangla Bank Limited, hackers managed to steal more than $3
million USD through several ATM attacks (a practice known as jackpotting)
over the past month; this is the first time the presence of this group is
detected in Asia.
Rustam Mirkazymov, a researcher at a
cybersecurity services firm, claims that hackers appear to have injected
dangerous malware
into Bangladesh’s bank networks. The malware contained various modules for
executing malicious commands on the infected host, in addition to configuring
proxy servers to hide illegitimate traffic. Using this access, Silence
organized the massive attack on the compromised bank’s ATMs.
Further details of these attacks are still
unknown. However, a video posted on YouTube identified two men, allegedly
Ukrainian, visiting various ATMs at Dutch Bangla Bank; after making some calls,
the individuals proceeded to withdraw huge amounts of money. The criminals also
cloned bank cards from multiple bank customers before carrying out the
jackpotting attack.
This mode of operation suggests that hackers
could have used access to the banking network to authorize fraudulent
transactions without raising suspicions of banking security equipment with the
help of atmosphere malware.
According to cybersecurity services specialists
from the International Institute of Cyber Security (IICS), this hacker group
began a mass phishing campaign in late 2018, targeting banking institutions
around the world. This series of attacks appear to be the final stage of this
malicious campaign, which has already generated million-dollar losses on
affected banks. Despite the havoc it has caused, specialists believe this is
actually a small operation involving at least two people; it is suspected that
one of these people could be a cybersecurity professional.
