An infamous Russian-speaking hacking group – referred to as Silence – is the likely culprit behind thousands of attempts to hack major banks in sub-Saharan Africa, cybersecurity company Kaspersky Labs said on Monday.
The group is called Silence because of the silent monitoring it carries out via its malware. It has already carried out a number of successful campaigns targeting banks and financial organisations around the globe.
According to Kaspersky, the typical scenario of an attack begins with a social engineering scheme, as attackers send a phishing e-mail that contains malware to a bank employee.
From there, the malware gets inside the bank's security perimeter and lies low for a while, gathering information on the victim organisation by capturing screenshots and making video recordings of the day-to-day activity on the infected device.
“Once attackers are ready to take action, they activate all capabilities of the malware and cash out using, for example, ATMs. The score sometimes reaches millions of dollars,” says Kaspersky.
“The attacks detected began in the first week of January 2020 and indicated that the threat actors are about to begin the final stage of their operation and cash out the funds. To date, the attacks are ongoing and persist in targeting large banks in several SSA countries.”
Kaspersky accordingly advises financial organisations to introduce basic security awareness training for all employees so that they can better recognise phishing attempts. Banks should also monitor activity in enterprise information systems and prepare an incident response plan to be ready for potential incidents in the network environment.
In August 2019, Kaspersky reported a cyber attack, related to the activity of the so-called Lazarus group, in which South Africa was apparently among 17 countries targeted by North Korean hackers. Those hackers also targeted banks and other financial institutions.