Financial institutions facing targeted threat from Silence trojan, which infiltrates internal banking networks
A new targeted attack on financial institutions has been uncovered by researchers at Kaspersky Lab.
The discovery was made in September but the attacks by the ‘Silence’ trojan are still ongoing, mostly against banks in Russia, but also financial institutions in Malaysia and Armenia.
According to Kaspersky Lab, the attackers are using tools and techniques similar to the notorious Carbanak group uncovered by the security specialists in 2015.
The criminals begin with classic spear-phishing emails carrying a malicious attachment. Unfortunately, there is a high chance these will get through, because the Silence attackers first compromise banking infrastructure so that they can send their spear-phishing emails from the addresses of real bank employees.
This makes the emails look as unsuspicious as possible to future victims. In them, the attackers request that a bank account be opened.
But the malicious attachment is a “Microsoft Compiled HTML Help” file, and once the victim opens it, the embedded .htm content file (“start.htm”) is executed.
“The goal of the script is to download and execute an obfuscated .VBS script which again downloads and executes the final dropper,” said Kaspersky Lab.
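Because these emails come from the addresses of real bank employees, sender reputation is of little help, and a mail gateway has to judge the attachment itself. The following is an added example, not code from the article or from Kaspersky Lab: it flags Compiled HTML Help attachments by the format's `ITSF` file signature as well as by extension, so a renamed file is still caught. The addresses, file names and attachment bytes are constructed sample data.

```python
import email
from email import policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # signature at offset 0 of a Compiled HTML Help file


def build_sample() -> bytes:
    """Constructed message: a CHM-like payload renamed to look like a document."""
    msg = EmailMessage()
    msg["From"] = "employee@bank.example"      # constructed address
    msg["To"] = "clerk@otherbank.example"      # constructed address
    msg["Subject"] = "Account opening request"
    msg.set_content("Please open an account, details attached.")
    # Only the 4-byte signature is meaningful here; the rest is padding.
    msg.add_attachment(CHM_MAGIC + b"\x00" * 36, maintype="application",
                       subtype="octet-stream", filename="contract.doc")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


def find_chm_parts(raw: bytes) -> list[dict]:
    """Return every leaf MIME part that is a CHM by content or by name."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():                    # walk() also reaches nested parts
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""   # base64/QP decoded bytes
        by_magic = data.startswith(CHM_MAGIC)
        by_ext = name.lower().endswith(".chm")
        if by_magic or by_ext:
            hits.append({"filename": name, "magic": by_magic, "extension": by_ext})
    return hits


if __name__ == "__main__":
    for hit in find_chm_parts(build_sample()):
        print("quarantine:", hit)
```
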
Source: Silicon UK