The researchers from Kaspersky Lab reported thousands of notifications of attacks on major banks in sub-Saharan Africa. The malware used in the attacks indicates that the threat actor is probably the famous Russian hacker group “The Silence“, Famous for the theft of millions of dollars from banks around the world.
The attacks were attributed to this group because the malware used in this latest incident was previously used only in its operations. In addition, the malware is in Russian, although the threat agent tried to cover it up, typed in the Russian words and used the English keyboard layout.
The first attacks were detected in the first week of January and indicated that the actor is about to begin the final stage of the operation and withdraw funds. The attacks are ongoing and persist in reaching large banks in several sub-Saharan African countries.
The Silence Group is one of the most active advanced persistent threat actors. your modus operandi is a social engineering scheme, through a phishing email containing malware sent to a bank employee.
Sergey Golovanov, a security researcher at Kaspersky, says the group has been active in recent years and lives up to its name. “atOperations require an extended period of silent monitoring, with quick and coordinated thefts. We noticed a growing interest from this stakeholder group in banking organizations in 2017 and since then the group has been constantly developing, expanding into new regions and continuing to update its social engineering scheme.".
