08
Jul
2019

Kaspersky: Silence APT group expands hacking targets, moving activity outside the CIS region

Kaspersky has been monitoring malicious activities from hacking group Silence APT for several years, with the first public report on the threat actor’s tools and techniques being made available in the autumn of 2017.

The group’s activity has remained stable since the report was launched – apart from occasional modifications of anti-emulation and anti-detection techniques. However, since the beginning of 2019, Kaspersky’s experts have noticed a worrisome trend: an increase in the number of financial organizations outside the CIS region being targeted by the group. In particular, new victims have emerged in APAC countries – including Bangladesh.

Silence is a Russian-speaking hacking group, known for targeting financial organizations. It is among the most devastating and complex cyber-robbery operations – like Metel, or Carbanak. Most of these groups’ operations share similar techniques to gain persistent access to banking networks for a long period and then monitor internal activities to use that knowledge to steal as much money as possible.

Silence in particular tends to compromise its victim’s infrastructure via spear phishing emails.

Take the following measures in order to protect networks from possible breaches:

  • As many targeted attacks it start with phishing or other social engineering techniques, introduce security awareness training to teach employees practical skills
  • For endpoint level detection, investigation and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response
  • In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats on the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform
  • Provide your SOC team with access to the latest Threat Intelligence datasheets, to keep up to date with new and emerging tools, techniques and tactics used by threat actors
  • For better ATM protection, use a proper security solution. Outdated ATMs, which have outdated protection or even lack it at all, also require a solution against modern threats. This is developed by taking into account the specific protection needed on different devices, found in solutions such as Kaspersky Embedded System Security. It enables segregation of rights, meaning that even a local IT specialist cannot change the security settings of the solution and turn off the protection

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *