add Silence Trojan

pull/117/head
Deborah Servili 2017-11-14 16:20:08 +01:00
parent 09bab156c7
commit 24e4b15156
1 changed files with 9 additions and 0 deletions

View File

@ -3020,6 +3020,15 @@
"https://researchcenter.paloaltonetworks.com/2017/11/unit42-oilrig-deploys-alma-communicator-dns-tunneling-trojan/"
]
}
},
{
"value": "Silence",
"description": "In September 2017, we discovered a new targeted attack on financial institutions. Victims are mostly Russian banks but we also found infected organizations in Malaysia and Armenia. The attackers were using a known but still very effective technique for cybercriminals looking to make money: gaining persistent access to an internal banking network for a long period of time, making video recordings of the day to day activity on bank employees PCs, learning how things works in their target banks, what software is being used, and then using that knowledge to steal as much money as possible when ready. \nWe saw that technique before in Carbanak, and other similar cases worldwide. The infection vector is a spear-phishing email with a malicious attachment. An interesting point in the Silence attack is that the cybercriminals had already compromised banking infrastructure in order to send their spear-phishing emails from the addresses of real bank employees and look as unsuspicious as possible to future victims.",
"meta": {
"refs": [
"https://securelist.com/the-silence/83009/"
]
}
}
]
}