Kaspersky: Silence APT group expands hacking targets, moving activity outside the CIS region

Kaspersky has been monitoring malicious activities from hacking group Silence APT for several years, with the first public report on the threat actor’s tools and techniques being made available in the autumn of 2017.

The group’s activity has remained stable since the report was launched apart from occasional modifications of anti-emulation and anti-detection techniques. However, since the beginning of 2019, Kaspersky’s experts have noticed a worrisome trend: an increase in the number of financial organizations outside the CIS region being targeted by the group. In particular, new victims have emerged in APAC (Asia Pacific) countries including Bangladesh.

Silence is a Russian-speaking hacking group, known for targeting financial organizations. It is among the most devastating and complex cyber-robbery operations, like Metel or Carbanak. Most of these groups’ operations share similar techniques to gain persistent access to banking networks for a long period and then monitor internal activities to use that knowledge to steal as much money as possible.

Silence, in particular, tends to compromise its victim’s infrastructure via spear-phishing emails.

Take the following measures in order to protect networks from possible breaches:

  • As many targeted attacks, it starts with phishing or other social engineering techniques, introduces security awareness training to teach employees practical skills
  • For endpoint level detection, investigation and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response
  • In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats on the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform
  • Provide your SOC team with access to the latest Threat Intelligence datasheets, to keep up to date with new and emerging tools, techniques and tactics used by threat actors
  • For better ATM protection, use a proper security solution. Outdated ATMs, which have outdated protection or even lack it at all, also require a solution against modern threats. This is developed by taking into account the specific protection needed on different devices, found in solutions such as Kaspersky Embedded System Security. It enables segregation of rights, meaning that even a local IT specialist cannot change the security settings of the solution and turn off the protection