August 21, 2019
A single hacking group has managed to terrorize the planet after stealing more than 160,000 email addresses and $4.2 million in over 30 countries. The Russian-speaking Silence APT (advanced persistent threat) group is now shifting its focus to an emerging, profitable market: the Asia Pacific region.
According to the latest reports, Silence is now operating in the APAC region and customizing its resources to conduct targeted attacks. It has already managed to steal millions of dollars from financial institutions in the area, and there are no indications that it will stop now.
A Profitable and Promising
Maybe the group should consider changing its name, given all the noise its repeated attacks are causing. Some of the targeted countries in the area are emerging financial powerhouses, such as South Korea, Taiwan, Malaysia, Singapore and other countries in the geographical area, per a report from Singapore-based online security company
One of Silence’s most significant moves in 2019 has been the operation against Dutch-Bangla Bank. It has been attributed to the group and occurred in May in Bangladesh, not coincidentally a country in the Asia Pacific region. The financial institution reported the loss of approximately $3 million, money that was taken from ATMs by masked people who were purportedly related to Silence.
Of course, that wasn’t the first time that APAC banks were targeted by the APT group, and it probably won’t be the last. Near the end of 2018, specifically in November, the group sent roughly 80,000 reconnaissance emails to people in Asia, according to reports. At least 2,352 of them were intended for recipients in Singapore, a nation that has blossomed financially and, because of that, has become an attractive target for hackers and cybercriminals on the continent.
A Marked Evolution
Group-IB’s most recent report names Silence and identifies it as having evolved from a small and inexperienced cybercrime association with rudimentary resources into an APT powerhouse that now represents a real threat to banks all over the world, most notably in Asia. In its early days, the group directed its attacks at post-Soviet nations, but it has now expanded its reach.
The Group-IB folks have been describing Silence’s modus operandi, in the form of tactics, techniques, and procedures (TTPs), since September 2018. Group-IB observed that while Silence lacked experience in breaching banks in comparison to other associations, it made up for this by carefully studying and adapting other groups’ strategies and
An example is that Silence used Kikothac, a backdoor it borrowed from another entity, as a testing resource before coming up with its own tools and resources to attack ATMs and systems that process cards.
Naturally, and because of the magnitude of its latest operations, online security experts and researchers have been scrutinizing its every move, which is also true for any APT group. Silence’s reconnaissance emails usually contain links with no malicious payload; sending them is a strategy that allows the group to obtain further email addresses for future offenses.
While companies and financial institutions in the area are certainly aware that there is a recent threat to their operations, cybersecurity experts insist on adopting an enhanced focus on safety and being mindful of the current limitations of specific security
The message is clear: there is more work to be done to achieve protection against APT groups like Silence, even though APAC, as a region, is working towards the coordination of common cybersecurity approaches and techniques.
According to a recent study, healthcare institutions in the Asia Pacific area stand to lose approximately $23.3 million to hacking and cyber attacks. In Australia alone, roughly 800 different data breach events were reported in the year after the nation introduced changes to its data breach notification rules.