In 2016 the group started out timidly and learned the ropes through early hacks. It has since stolen at least 4.2 million dollars, starting with banks in the former Soviet Union and followed by victims in Europe, Latin America, Africa and Asia. Researchers at Group-IB, a Singapore-based attack-prevention cybersecurity company, tracked Silence early on and assessed that its members are familiar with white-hat security work. A study last year outlined the role, skills, failures and successful bank robberies of the Silence hackers. Investigators were aware of a bank heist in September 2018 that netted the group more than $800,000. In today's new study, Group-IB shares more information about the hackers' tactics, methods and operations to help other researchers identify and properly attribute attacks early.
# New tools and tactics
Silence has improved its operational security and altered its toolkit to avoid detection. Besides rewriting the first-stage module (Silence.Downloader / Truebot), the group began using a PowerShell-based fileless loader, Ivoke. A new PowerShell agent called EmpireDNSAgent (EDA) is used to move laterally through the victim network; it is based on the recently abandoned Empire framework and the dnscat2 project. In October 2018, Silence began sending reconnaissance emails to prepare for an attack. Such a message does nothing by itself and looks like an automated reply to a failed delivery.
The goal was to obtain from the target an updated list of active email addresses. Silence sent more than 170,000 emails to Asia, Europe and post-Soviet states during three distinct campaigns against victims, Group-IB claims.
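EDA carries its traffic over DNS, as dnscat2 does, so a defender's first check is usually the resolver log. The heuristic below is an added example (not code from the report or the article); it runs over a constructed log sample with hypothetical domains and flags domains that receive many unique, long, high-entropy subdomain labels, the shape that encoded DNS tunnelling produces.

```python
import math
from collections import defaultdict

# Constructed sample of resolver log lines (hypothetical clients and domains):
# "client query_type qname"
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A cdn.example.com
10.0.0.7 TXT 9f3a1c2e7b4d0a6f.c2-example.test
10.0.0.7 TXT 41d8cd98f00b204e.c2-example.test
10.0.0.7 TXT a7b3c9d1e5f60712.c2-example.test
10.0.0.7 TXT 0c6e4b2a8d9f1357.c2-example.test
10.0.0.7 TXT 5e2d7a9c1b3f8046.c2-example.test
10.0.0.9 A mail.example.com
"""

def shannon_entropy(s: str) -> float:
    """Bits per character of the label; encoded data scores higher than words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((s.count(c) / n) * math.log2(s.count(c) / n) for c in set(s))

def registered_domain(qname: str) -> str:
    # Assumption: the last two labels are the registered domain (no public-suffix list).
    parts = qname.rstrip(".").split(".")
    return ".".join(parts[-2:])

def suspicious_dns_domains(log_text, min_unique=5, min_label_len=12, min_entropy=3.0):
    """Return registered domains whose leftmost labels look like encoded C2 data."""
    by_domain = defaultdict(set)
    txt_count = defaultdict(int)
    for line in log_text.strip().splitlines():
        _client, qtype, qname = line.split()
        dom = registered_domain(qname)
        labels = qname.rstrip(".").split(".")[:-2]
        if labels:
            by_domain[dom].add(labels[0])     # leftmost label carries the payload
        if qtype == "TXT":
            txt_count[dom] += 1               # dnscat2-style agents lean on TXT
    flagged = []
    for dom, subs in by_domain.items():
        if len(subs) < min_unique:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s) for s in subs) / len(subs)
        if avg_len >= min_label_len and avg_ent >= min_entropy:
            flagged.append({"domain": dom, "unique_subdomains": len(subs),
                            "txt_queries": txt_count[dom], "avg_entropy": round(avg_ent, 2)})
    return flagged
```

Thresholds are deliberately conservative; tune them against a baseline of your own resolver traffic, since CDNs and some telemetry also produce long labels.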
## Victims on almost every continent
When expanding to Asia, the hackers sent around 80,000 emails to addresses in 12 countries. As seen in the image below, Taiwan, Malaysia and South Korea were the major targets. The campaign for the reconnaissance of European financial institutions was the smallest, with fewer than 10,000 messages; its focus was on UK financial houses.
After confirming email addresses, the actors move to the next step of the attack: sending a payload message that downloads Silence-specific malware. Self-developed tools or binaries are then available on the target system for persistence and lateral movement. In the end the attackers reach the card processing systems and can control ATMs with the Atmosphere Trojan or a program called xfs-disp.exe to dispense cash to money mules at set times.
## Silence hard at work
The latest Silence Activity Report from Group-IB covers the period from 28 May 2018 to 1 August 2019. Researchers traced attacks, reconnaissance and phishing campaigns against banks mainly in Russia. The hackers used every resource and opportunity. For instance, they took advantage of the absence of a Sender Policy Framework (SPF) record to impersonate a real bank and, in another instance, to send messages purporting to come from the Central Bank of the Russian Federation. In early 2019 the Silence group started moving towards European targets and attacked a financial organisation in the UK, sending a file with a valid SEVA Medical LTD signature. However, they have not shifted their focus away from Russian banks. By February the threat actor had compromised Omsk IT Bank and, according to public reports at the time, was able to steal about 400,000 dollars. At the end of May, Bangladeshi news outlets reported that several masked men withdrew $3 million or more from ATMs belonging to Dutch Bangla Bank. These were cash mules, and the CCTV system recorded them: security camera footage shows them inserting a card into the ATM and waiting until the cash comes out.
Researchers believe the ATMs were controlled by the Atmosphere Trojan or 'xfs-disp.exe', because no malware was found on the cash machines themselves. Still, according to Group-IB, attacks have been detected in Chile, Bulgaria, Costa Rica, Ghana and India. Silence relies on tools not used by other groups and continues to adapt its playbook to stay ahead of security specialists and researchers.
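A missing SPF record is what lets the forged sender above go unchallenged: a receiver with no policy to evaluate returns "none" and cannot reject the message on that basis. The simplified evaluator below is an added example, not code from the report, and uses constructed TXT records for hypothetical domains (bank-a.example publishes SPF, bank-b.example does not) to show the difference.

```python
import ipaddress

# Constructed DNS TXT records for hypothetical domains (not from the report).
DNS_TXT = {
    "bank-a.example": ["v=spf1 ip4:198.51.100.0/24 include:_spf.mailer.example -all"],
    "_spf.mailer.example": ["v=spf1 ip4:203.0.113.10 ~all"],
    "bank-b.example": [],          # no SPF record at all
}

def lookup_spf(domain: str):
    """Return the domain's single SPF TXT record, or None if it has none."""
    records = [r for r in DNS_TXT.get(domain, []) if r.startswith("v=spf1")]
    return records[0] if len(records) == 1 else None

def check_spf(domain: str, sender_ip: str, depth: int = 0) -> str:
    """Simplified SPF check supporting ip4, ip6, include and the 'all' mechanism."""
    if depth > 10:                 # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    record = lookup_spf(domain)
    if record is None:
        return "none"              # no policy: a forged sender cannot be rejected on SPF
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        result = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
        if term == "all":
            return result
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return result
        if mech == "include" and check_spf(arg, sender_ip, depth + 1) == "pass":
            return result
    return "neutral"               # no mechanism matched and no 'all' term

def spoofed_mail_rejected(mail_from_domain: str, sender_ip: str) -> bool:
    """Receiver policy assumed here: reject only on a hard SPF fail."""
    return check_spf(mail_from_domain, sender_ip) == "fail"
```

A real deployment resolves the TXT records via DNS and should pair SPF with DKIM and a DMARC policy, since SPF alone only covers the envelope sender.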
Group-IB believes there might be a link between Silence and TA505, a second group that uses FlawedAmmyy.Downloader to target financial-sector victims. "A comparative analysis of Silence.Downloader and FlawedAmmyy.Downloader revealed that these programs were developed by the same person – a Russian speaker who is active on underground forums." But this is where the common ground ends, as TA505 uses an entirely distinct operational infrastructure. Rustam Mirkasymov, Head of Group-IB's Department for Dynamic Malware Analysis, said the inexperienced group the firm began monitoring three years ago no longer exists. The group "has evolved into one of the most advanced threat actors targeting the financial sector not only in Russia, but also in the Americas, Europe, Africa, and especially Asia," the researchers said.