Notorious 'Silence' hacking group targeting banks in sub-Saharan Africa
A global cyber security company warned on Monday that its researchers had flagged thousands of notifications of attacks on major banks in sub-Saharan Africa.
Kaspersky said the malware used in the attacks indicated the threat most likely emanated from the infamous Silence hacking group, known to be responsible for the theft of millions of dollars from banks across the world.
“The attacks detected began in the first week of January 2020 and indicated the threat actors are about to begin the final stage of their operation and cash out the funds. To date, the attacks are ongoing and persist in targeting large banks in several countries,” Kaspersky said.
“Silence group has been quite productive in the past years as they live up to their name. Their operations require an extensive period of silent monitoring, with rapid and co-ordinated thefts. We noticed a growing interest of this actor group in banking organisations in 2017, and since that time the group would constantly develop, expanding to new regions and updating their social engineering scheme,” said Sergey Golovanov, a security researcher at Kaspersky.
Golovanov urged all banks to stay vigilant because, apart from large sums of money, the Silence group also stole sensitive information while monitoring banking activity by recording video from targeted computers.
“This is a serious privacy abuse that might cost more than money can buy.”
In October, the city of Johannesburg was hit by a major hacking incident in which it was ordered to pay a bitcoin ransom, failing which the hackers threatened to leak compromised city data on the internet.
Kaspersky advised financial organisations to be vigilant and said they should:
- Introduce basic security awareness training for all employees so they could better distinguish phishing attempts.
- Provide security teams with access to up-to-date threat intelligence data to keep pace with the latest tactics and tools used by cyber criminals.
- Prepare an incident response plan to be ready for potential incidents in the network environment.