Merge pull request #117 from Delta-Sierra/master

add Silence Trojan
Alexandre Dulaunoy 2017-11-14 16:30:34 +01:00 committed by GitHub
commit b7bba69ca3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -3020,6 +3020,15 @@
"https://researchcenter.paloaltonetworks.com/2017/11/unit42-oilrig-deploys-alma-communicator-dns-tunneling-trojan/"
]
}
},
{
"value": "Silence",
"description": "In September 2017, we discovered a new targeted attack on financial institutions. Victims are mostly Russian banks but we also found infected organizations in Malaysia and Armenia. The attackers were using a known but still very effective technique for cybercriminals looking to make money: gaining persistent access to an internal banking network for a long period of time, making video recordings of the day to day activity on bank employees PCs, learning how things works in their target banks, what software is being used, and then using that knowledge to steal as much money as possible when ready. \nWe saw that technique before in Carbanak, and other similar cases worldwide. The infection vector is a spear-phishing email with a malicious attachment. An interesting point in the Silence attack is that the cybercriminals had already compromised banking infrastructure in order to send their spear-phishing emails from the addresses of real bank employees and look as unsuspicious as possible to future victims.",
"meta": {
"refs": [
"https://securelist.com/the-silence/83009/"
]
}
}
]
}
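Review bot: The "description" of the new "Silence" entry is written in the first person ("In September 2017, we discovered", "We saw that technique before in Carbanak"), so a consumer of this cluster cannot tell who "we" is. Reword it in the third person and attribute the findings to the securelist.com report listed under "refs". While editing, fix "bank employees PCs" and "how things works", and drop the trailing space before the embedded "\n" after "when ready." so the rendered description does not carry stray whitespace. The entry also has only "refs" under "meta"; if the report gives other names for this Trojan, add them there so the entry can be matched on them as well.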