From 24e4b15156ce67f0e8c7f60b556a1922806d14e3 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Tue, 14 Nov 2017 16:20:08 +0100
Subject: [PATCH] add Silence Trojan
---
 clusters/tool.json | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/clusters/tool.json b/clusters/tool.json
index 4b8f48a4..b1a62aa9 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -3020,6 +3020,15 @@
 "https://researchcenter.paloaltonetworks.com/2017/11/unit42-oilrig-deploys-alma-communicator-dns-tunneling-trojan/"
 ]
 }
+ },
+ {
+ "value": "Silence",
+ "description": "In September 2017, we discovered a new targeted attack on financial institutions. Victims are mostly Russian banks but we also found infected organizations in Malaysia and Armenia. The attackers were using a known but still very effective technique for cybercriminals looking to make money: gaining persistent access to an internal banking network for a long period of time, making video recordings of the day to day activity on bank employees’ PCs, learning how things works in their target banks, what software is being used, and then using that knowledge to steal as much money as possible when ready. \nWe saw that technique before in Carbanak, and other similar cases worldwide. The infection vector is a spear-phishing email with a malicious attachment. An interesting point in the Silence attack is that the cybercriminals had already compromised banking infrastructure in order to send their spear-phishing emails from the addresses of real bank employees and look as unsuspicious as possible to future victims.",
+ "meta": {
+ "refs": [
+ "https://securelist.com/the-silence/83009/"
+ ]
+ }
 }
 ]
 }
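Review bot: The added `description` is written in the first person ("we discovered", "We saw that technique before"), so if this cluster is consumed outside the authoring team it no longer says who made the observation. Name the source already listed in `refs` instead, for example opening with `In September 2017, Securelist reported a new targeted attack on financial institutions.` The text also describes the campaign (spear-phishing from compromised bank mailboxes, video recording of employee PCs, long-term access) rather than the tool that an entry in `tool.json` stands for, so an analyst tagging an event with "Silence" cannot tell from the entry what the trojan itself does. A sentence on the malware's observed capabilities, taken from the referenced report, would make the entry usable for tool-level matching. Minor: "how things works" should read "how things work".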