
TA505 Russian Hacking Groups Attack banks and Financial Organizations In Europe

In a report published this week, Group-IB researchers note a tentative connection between Silence and another Russian threat group, TA505, which targets financial organizations. The actual operations run by the two groups do not appear to be connected, though, the researchers state.

Silence is a highly active and sophisticated group that poses a significant threat to financial organizations throughout the world, states Rustam Mirkasymov, head of the dynamic malware analysis department at Group-IB.

The Singapore-based cybersecurity firm published its initial report on Silence in September 2018, describing a small group that was then growing into a more global threat.

Tools and Attack Types

Based on the tools used, the attacks were traced to Silence and TA505, both financially motivated groups. Whereas TA505's history of attacks includes targets in the pharmaceutical sector, if the security researchers are right, these campaigns would mark for Silence a departure from its usual targets, which are banks and financial organizations.

The criminal group has now become “one of the most complicated threat actors targeting the financial sector not only in Russia but also in Latin America, Europe, Africa and particularly Asia as well,” states Rustam Mirkasymov, head of the dynamic malware analysis department at Group-IB.

Silence has launched at least 16 new operations against banks over the last 12 months, according to Group-IB’s threat intelligence team. Those have included activity in India, Russia, Kyrgyzstan, Costa Rica, Bulgaria, Chile, and Ghana.

It was also behind a $3 million attack on Dutch-Bangla Bank in May, reportedly using so-called “money mules” to withdraw cash from ATMs infected with Silence’s malware.

Group-IB researchers have also observed Silence’s command-and-control servers communicating with anonymous IPs in the United States and Canada, he writes, but they have not yet identified a confirmed Silence attack in either country.

They state that “It does not mean, however, that Silence will never try their hand at attacking companies in North America at some point. They are growing quickly, and in just one year have significantly expanded the geographic scope of their assaults”.

Mirkasymov states that the goal of the attack may have been either a ransomware infection or a complex supply-chain attack.

If ransomware was the end game, TA505 is known to have used at least three strains in the past: Locky, Rapid, and Clop. But the final payload in these new cases could not be identified because the intrusion was stopped at an intermediate stage.

The researcher therefore states with moderate confidence that Silence is behind these activities. However, he does not rule out the possibility that the group’s tools were sold to another threat actor or obtained by TA505.

Mirkasymov says, “There is not a bunch of information regarding Silence’s tactics and procedures accessible in the public domain, which makes it harder to identify and stop their attacks at initial stages. That is why Silence did not compose down and could improve the frequency of their targets. Another factor that enables Silence to rest largely overlooked is that this APT continues to be undervalued by the banks globally.”


Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
