Kaspersky, a cybersecurity company, has warned that its security researchers have reported notifications of attacks on major banks in sub-Saharan Africa.
In a statement released on Monday, Kaspersky said the malware used indicates that the attacks could be the work of the Silence hacking group.
The Silence group is reported to be one of the most active persistent threat actors that have carried out attacks on banks and financial institutions across the world.
“The typical scenario of the attack begins with a social engineering scheme, as attackers send a phishing e-mail that contains malware to a bank employee,” it said.
“From there the malware gets inside the banks’ security perimeter and lies low for a while, gathering information on the victim organisation by capturing screenshots and making video recordings of the day-to-day activity on the infected device, learning how things work in the targeted banks.
“Once attackers are ready to take action, they activate all capabilities of the malware and cash out using, for example, ATMs. The score sometimes reaches millions of dollars.
“The attacks detected began in the first week of January 2020 and indicated that the threat actors are about to begin the final stage of their operation and cash out the funds. To date, the attacks are ongoing and persist in targeting large banks in several SSA countries.
“Kaspersky researchers attribute the attacks to the Russian-speaking Silence group based on the malware used in the attacks, which was previously used solely in the group’s operations. In addition, the language of the malware is Russian: threat actors attempted to slightly cover this fact by typing Russian words using the English keyboard layout.”
Commenting on the pattern of attacks, Sergey Golovanov, a security researcher at Kaspersky, said: “Silence group has been quite productive in the past years, as they live up to their name; their operations require an extensive period of silent monitoring, with rapid and coordinated thefts.
“We noticed a growing interest of this actor group in banking organisations in 2017 and since that time the group would constantly develop, expanding to new regions and updating their social engineering scheme.
“We urge all banks to stay vigilant, as apart from the large sums Silence group also steals sensitive information while monitoring the banks’ activity as they video record screen activity. This is a serious privacy abuse that might cost more than money can buy.”
According to Kaspersky, the malware used in the operation is detected as HEUR:Trojan.Win32.Generic and PDM:Exploit.Win32.Generic.
As a precautionary measure, banks were advised to ensure employees have basic security awareness training, monitor activity in enterprise information systems and prepare an incident response plan in case of eventual attacks.