Group-IB researchers, from the Singapore-based attack prevention cybersecurity company, have tracked Silence from early on and believe Silence's members are familiar with white-hat security activity. In 2016, the group started out timidly and learned the ropes from other hackers. It has since stolen at least $4.2 million, starting with banks in the former Soviet Union, followed by victims in Europe, Latin America, Africa and Asia. A study last year outlined the roles, capabilities, failures and effective bank heists of the Silence hackers. Researchers were aware of a bank job in September 2018 that brought the group more than $800,000. In today's new report, Group-IB shares more information about the tactics, techniques, and procedures of the hackers to help other researchers identify and properly attribute intrusions early.
New tools and tactics
In October 2018, Silence started sending reconnaissance emails to prepare for an attack. Such a message would be useless and would appear to be an automated reply to an unsuccessful delivery. Silence has raised its operational security and altered its toolkit to prevent detection. Besides rewriting the first-stage module (Silence.Downloader / TrueBot), the group started using Ivoke, a PowerShell-based fileless loader. A new PowerShell agent, called EmpireDNSAgent (EDA), is used to move laterally in the victim network; it is based on the now-abandoned Empire framework and the dnscat2 project.
The goal was to obtain from the target an updated list of active email addresses. Silence sent more than 170,000 emails to Asia, Europe and post-Soviet states during three distinct campaigns against victims, claims Group-IB.
Victims on almost every continent
The campaign for the reconnaissance of European financial institutions was the smallest, with fewer than 10,000 messages. When expanding to Asia, the hackers sent around 80,000 emails to targets in 12 countries that had failed to deliver. As seen in the picture below, Taiwan, Malaysia and South Korea are the major targets. The focus was on UK financial institutions.
After verifying email addresses, the actors move to the next step of the attack and send a payload message that downloads Silence-specific malware. Self-developed tools or binaries are then available on the target systems for persistence and lateral movement. The attackers finally reach the card processing device and can control ATMs with the Atmosphere Trojan or a program called xfs-disp.exe to dispense cash to money mules at certain times.
Silence hard at work
The latest Silence Activity Report from Group-IB covers the period from 28 May 2018 to 1 August 2019. Researchers tracked attacks, credit and phishing campaigns against banks mainly in Russia. Nevertheless, they have not shifted focus from Russian banks. As such, they took advantage of the absence of the Sender Policy Framework (SPF) to pose as a real bank and send messages from the Central Bank of the Russian Federation in another campaign. By February the threat actor had compromised Omsk IT Bank and, according to public reports at that time, was able to steal some 400,000 dollars. They have sent a file with a valid SEVA Medical LTD signature. In early 2019, the Silence group began moving towards European targets and attacked a financial institution in the UK. The hackers exploited every resource and opportunity. At the end of May, Bangladeshi news outlets reported that several masked men withdrew $3 million or more from cash machines belonging to Dutch Bangla Bank. These were cash mules and the CCTV system recorded them. Security camera footage shows how they insert the card into the ATM and wait until the cash comes out.
Silence attacks attributed by Group-IB have been effective in Chile, Bulgaria, Costa Rica, Ghana and India. Silence relies on custom tools that are not used by other groups and continues to adapt its game to take safer options and stay ahead of researchers. Researchers think that the ATMs were controlled by the Atmosphere Trojan or 'xfs-disp.exe' because no malware was found in the cash machines.
Rustam Mirkasymov, Head of Group-IB's Department for Dynamic Malware Analysis, said that the inexperienced group which the firm began monitoring three years ago no longer exists. The group "grew into one of the most active threat actors targeting the financial sector not only in Russia, but also in the Americas, Europe, Africa, and especially Asia," says the researcher. Group-IB believes there might be a link between Silence and TA505, a second group using FlawedAmmyy Downloader to target financial-sector victims. "A comparative analysis of Silence.Downloader and FlawedAmmyy Downloader revealed that these programs were developed by the same person, a Russian speaker who is active on underground forums." But this is where the common ground ends, as TA505 uses a completely distinct operating infrastructure.