New APT Campaign Based on Silence Trojan

Delaware, USA – November 1, 2017 – Researchers from Kaspersky Lab have discovered the new APT attack using Silence Trojan that targets financial institutions in Russia, Armenia and Malaysia. The attack started in July 2017 and continued to this day. Adversaries infiltrate the organizations’ networks through malicious CHM attachments in phishing emails. When victim opened the attachment, the htm file with malicious Javascript was automatically executed. This script downloaded and executed the VBS script, which downloaded the dropper. After penetrating the system, adversaries leveraged Silence Trojan to record screen activity, steal credentials and used Winexesvc legitimate tool to execute remote commands. Stolen email credentials were used to infect other banks. After hackers collected enough information about the banking software and operations, they performed money transfers.

It should be noted that another group of cybercriminals recently used CHM files in the attack on Brazil banks. The techniques used by attackers and new malware that can’t be detected by antivirus solutions allow them to collect information and conduct malicious operations for a long time. You can use the analytical content from Use Case Cloud with your SIEM to uncover various threats before adversaries cause severe damage.