Bangladesh Cyber Heist 2.0: Silence APT Goes Global (Jul 3, 2019)
The threat group “Silence” is believed to be responsible for an attack targeting Dutch-Bangla Bank ATMs, according to Group-IB researchers. Silence is a financially motivated, Russian-speaking threat group that has been active since at least 2016. The theft took place on May 1 and May 2, 2019. Silence stole at least $3 million (USD) using stolen Personal Identification Numbers (PINs) and credit cards, according to the local media outlet The Daily Star. Researchers believe it is likely that the group used multiple trojans in this incident, including Silence.Download (TrueBot), Silence.MainModule, and Silence.ProxyBot. How the group gained access to the bank’s network is unknown as of this writing, but once access was achieved, individuals working for the group (money mules) withdrew funds from Dutch-Bangla ATMs amounting to approximately $3 million.
Recommendation: Although ATMs are a unique type of computer, ATM security relies on the same kind of preventative measures as any other endpoint. In the case of a confirmed infection, the ATM must be taken offline until it can be completely wiped and restored to its original factory settings. An audit of the transactions performed on the ATM should occur alongside a formal incident response investigation.
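The transaction audit recommended above is easiest to start from a withdrawal log. The following Python script is an added example, not code from Anomali or Group-IB, and it assumes a simple CSV-style export of withdrawal records (the sample rows below are constructed, not real Dutch-Bangla data). It flags two patterns typical of a mule cash-out: one card used at several distinct ATMs in a short window, and one ATM dispensing an unusual burst of withdrawals. The thresholds and field layout are assumptions to be tuned against the bank's own baseline.

```python
"""Flag cash-out patterns in an ATM withdrawal log.

Added example (not part of the original summary). Assumes one record per
withdrawal: ISO timestamp, ATM id, masked card number, amount. Thresholds
below are assumptions, not values from the reported incident.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp,atm_id,masked_card,amount
SAMPLE_LOG = """\
2019-05-01T22:01:10,ATM-017,****4412,500
2019-05-01T22:03:45,ATM-017,****4412,500
2019-05-01T22:06:02,ATM-017,****4412,500
2019-05-01T22:14:30,ATM-021,****4412,500
2019-05-01T22:20:11,ATM-033,****4412,500
2019-05-01T22:02:00,ATM-017,****9981,500
2019-05-01T22:04:30,ATM-017,****9981,500
2019-05-01T22:07:15,ATM-017,****7723,500
2019-05-01T22:09:40,ATM-017,****7723,500
2019-05-02T09:15:00,ATM-005,****1234,100
2019-05-02T12:40:00,ATM-006,****1234,200
"""


def parse_log(text):
    """Parse the CSV-style export into sorted (time, atm, card, amount) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, atm, card, amount = line.split(",")
        records.append((datetime.fromisoformat(ts), atm, card, int(amount)))
    return sorted(records)


def max_in_window(times, window):
    """Largest number of timestamps that fall inside any sliding window."""
    times = sorted(times)
    best, start = 0, 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def cards_hopping_atms(records, min_atms=3, window=timedelta(minutes=30)):
    """Cards seen at min_atms or more distinct ATMs within one window.

    Returns {masked_card: distinct_atm_count} for flagged cards.
    """
    by_card = defaultdict(list)
    for ts, atm, card, _ in records:
        by_card[card].append((ts, atm))
    flagged = {}
    for card, events in by_card.items():
        events.sort()
        for i, (start_ts, _) in enumerate(events):
            atms = {a for t, a in events[i:] if t - start_ts <= window}
            if len(atms) >= min_atms:
                flagged[card] = len(atms)
                break
    return flagged


def busy_atms(records, min_withdrawals=5, window=timedelta(minutes=10)):
    """ATMs with min_withdrawals or more withdrawals inside one window.

    Returns {atm_id: peak_withdrawals_in_window} for flagged ATMs.
    """
    by_atm = defaultdict(list)
    for ts, atm, _, _ in records:
        by_atm[atm].append(ts)
    flagged = {}
    for atm, times in by_atm.items():
        peak = max_in_window(times, window)
        if peak >= min_withdrawals:
            flagged[atm] = peak
    return flagged


def cash_out_totals(records, cards):
    """Total amount withdrawn per flagged card, for the audit report."""
    totals = defaultdict(int)
    for _, _, card, amount in records:
        if card in cards:
            totals[card] += amount
    return dict(totals)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    hopping = cards_hopping_atms(recs)
    print("cards across several ATMs:", hopping)
    print("totals for those cards:", cash_out_totals(recs, hopping))
    print("ATMs with withdrawal bursts:", busy_atms(recs))
```

Run against a real export, the two flagged sets give the incident responders a starting list of cards and machines to reconcile against the bank's own records; the window and count thresholds should be set from normal nightly volumes so that a single busy machine does not page the team.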
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.