Hacking Groups

 

2018

 

Hacker Steals Crypto from Copay Wallet Apps

28 Nov 2018
https://www.infosecurity-magazine.com/news/hacker-steals-crypto-from-copay/
 

New Yorker accused of stealing $1m from Silicon Valley executive via SIM swap

23 Nov 2018
https://www.welivesecurity.com/2018/11/23/new-yorker-accused-stealing-1m-sim-swap/
 

The fake Tesco competition email scam that tempts customers into handing over banking details with promises of prizes

Angelique Ruzicka, 22 November 2018
https://www.thisismoney.co.uk/money/beatthescammers/article-6413875/Fake-Tesco-competition-lures-customers-prizes-personal-information-steal-money.html
 

Are bank scammers finally about to be stopped in their tracks?

16 November 2018
https://www.thisismoney.co.uk/money/podcast/article-6397373/Follow-money-bank-scammers-stopped-tracks-Money-podcast.html
 

One of the world's most dangerous hackers is 'emptying' ATMs: 10 things to know

Gadgets Now Bureau, Nov 9, 2018
https://www.gadgetsnow.com/slideshows/one-of-the-worlds-most-dangerous-hackers-are-emptying-atms-10-things-to-know/One-of-the-worlds-most-dangerous-hackers-is-emptying-ATMs-10-things-to-know/photolist/66556247.cms
 

Lazarus hackers engage in ‘FASTCash’ scheme to steal tens of millions of dollars from ATMs

9 Nov, 2018
https://www.itpro.co.uk/cyber-crime/32331/lazarus-hackers-engage-in-fastcash-scheme-to-steal-tens-of-millions-of-dollars
 

‘Jackpotting’ hackers stole $267,000 from Western Washington banks

October 1, 2018
https://q13fox.com/2018/10/01/jackpotting-hackers-stole-267000-from-western-washington-banks/
 

Cobalt cybergang starts up new campaign

31 August 2018
https://www.finextra.com/newsarticle/32593/cobalt-cybergang-starts-up-new-campaign/security
 

2017

 

Hacking group targets banks with stealthy trojan malware campaign

2017-11-01

Stolen credentials are used to launch attacks which include the ability to stream live video of the screens of infected users.

A previously unknown but highly organised hacking group is carrying out a series of cyber attacks against banks and financial institutions around the world, deploying trojan malware to gain entry into networks.

The attackers are capable of monitoring everything a victim does in order to provide them with all the information they need to sneak around bank networks and make off with stolen funds.

Uncovered by Kaspersky Lab, the 'Silence' hacking group is suspected to be a Russian-speaking operation which has hit at least 10 financial organisations including those in Armenia and Malaysia, but mostly within Russia.

The initial attack techniques of Silence campaigns are similar to those of other threat actors, including the infamous Carbanak group: initial victims are tricked by phishing emails which give the attackers a foothold in the network. They'll remain there for a long time, only striking when they have enough information to steal large amounts.

Those behind Silence appear to be actively targeting banks which have previously been attacked. They use emails from the addresses of real employees whose accounts have been compromised - potentially bought from the dark web - to send a phishing email about what looks to be a routine request about opening a customer account.

The message comes with a malicious attachment in the form of a Windows Help (.CHM) file which runs once the document has been opened. JavaScript embedded in this file automatically downloads and executes a Visual Basic script, which in turn downloads a malware dropper from a command and control server.
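As an added defender-side example (not code from the article or from Kaspersky Lab), the following Python sketch flags the chain just described in process-creation telemetry: the Windows Help viewer (hh.exe) spawning a script or shell interpreter, and help files opened from a user profile path rather than a system location. The simplified log format and every line in SAMPLE_LOG are constructed for the example, not real telemetry.

```python
"""Detection sketch for the .CHM attachment chain described above.
Added example with constructed log lines; not code from the article."""
import re
from pathlib import PureWindowsPath

# Script and shell interpreters the Help viewer has no business spawning.
SCRIPT_ENGINES = {"wscript.exe", "cscript.exe", "cmd.exe", "powershell.exe", "mshta.exe"}

# Constructed process-creation events in a simplified format
# (timestamp, parent image, child image, command line). Not real telemetry.
SAMPLE_LOG = """\
2017-11-01T09:12:03 parent=C:\\Windows\\explorer.exe child=C:\\Windows\\hh.exe cmd="hh.exe C:\\Users\\alice\\Downloads\\account_request.chm"
2017-11-01T09:12:05 parent=C:\\Windows\\hh.exe child=C:\\Windows\\System32\\wscript.exe cmd="wscript.exe C:\\Users\\alice\\AppData\\Local\\Temp\\stage.vbs"
2017-11-01T09:13:10 parent=C:\\Windows\\explorer.exe child=C:\\Program Files\\Office\\winword.exe cmd="winword.exe report.docx"
2017-11-01T09:14:00 parent=C:\\Windows\\hh.exe child=C:\\Windows\\System32\\cmd.exe cmd="cmd.exe /c echo started"
2017-11-01T09:15:22 parent=C:\\Windows\\explorer.exe child=C:\\Windows\\hh.exe cmd="hh.exe C:\\Windows\\Help\\example.chm"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) parent=(?P<parent>.+?) child=(?P<child>.+?) cmd="(?P<cmd>.*)"$'
)


def parse_events(log_text):
    """Parse the simplified log format into dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def basename(image_path):
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(image_path).name.lower()


def detect_chm_chain(log_text):
    """Return alerts for hh.exe launching a script or shell interpreter.

    A benign help file never needs wscript/cscript/cmd/powershell, so this
    parent/child pairing is a high-signal indicator of the chain above.
    """
    alerts = []
    for ev in parse_events(log_text):
        if basename(ev["parent"]) == "hh.exe" and basename(ev["child"]) in SCRIPT_ENGINES:
            alerts.append({"ts": ev["ts"], "child": basename(ev["child"]), "cmd": ev["cmd"]})
    return alerts


def chm_from_user_download(log_text):
    """Return timestamps of hh.exe launches whose .chm argument sits under a
    user profile (Downloads, Temp), i.e. a file that arrived by mail or web
    rather than one shipped with Windows or an installed product."""
    hits = []
    for ev in parse_events(log_text):
        if basename(ev["child"]) != "hh.exe":
            continue
        cmd = ev["cmd"].lower()
        if ".chm" in cmd and "\\users\\" in cmd:
            hits.append(ev["ts"])
    return hits


if __name__ == "__main__":
    for a in detect_chm_chain(SAMPLE_LOG):
        print(f"[ALERT] {a['ts']} hh.exe -> {a['child']}: {a['cmd']}")
    for ts in chm_from_user_download(SAMPLE_LOG):
        print(f"[INFO] {ts} help file opened from a user profile path")
```

The lower-signal `chm_from_user_download` check is useful as context for the high-signal parent/child rule: a .CHM opened from Downloads that then spawns wscript.exe is exactly the sequence the article describes, while a help file under C:\Windows\Help that spawns nothing is routine.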


It's the Russian language in the code which has led researchers to the conclusion that the attack group is Russian-speaking.

Once downloaded and installed on the system, the malware allows the attackers to take multiple screenshots of the victim's active screen, providing a real-time stream.

A similar technique was used by Carbanak to gain an understanding of the victim's day-to-day activity and points to the ultimate end goal of Silence - obtaining all the information required to eventually steal money.

The malware also includes a Winexecsvc tool which allows the execution of remote commands - useful when it comes to the attackers making their way around the infected network.

Researchers note that this particular campaign has been successful in attacking financial institutions, no matter where in the world they're based or what the network infrastructure looks like.

"We have seen this trend growing recently, as more and more slick and professional APT-style cyber-robberies emerge and succeed. The most worrying thing here is that due to their in-the-shadow approach, these attacks may succeed regardless of the peculiarities of each bank's security architecture," said Sergey Lozhkin, security expert at Kaspersky Lab.

While Silence uses very similar techniques to the Carbanak group - which has stolen more than $1 billion from banks worldwide - it's still uncertain if the two groups are at all related.

Researchers have warned that the attacks are still ongoing.