New report claims pen testers carried out banking attacks

A newly discovered Russian hacking group is thought to have ties to the cybersecurity industry, with at least one member accused of being a grey hat.

The group, known as Silence, has been launching undetected attacks on banks in Russia and Eastern Europe for at least two years.

It was recently uncovered by cybersecurity firm Group-IB, which has accused at least one member of being a former or current security professional.

According to Group-IB, Silence has just two members, and has been hacking as far back as 2016.

It is accused of trying to withdraw money from Russian inter-bank transaction system AWS CBR in 2016, but the plan was foiled by employees.

A month later, Silence gained access to the bank again but was unsuccessful.

Finally, in October 2017, Silence stole more than $100,000 from the bank, later taking $550,000 and $150,000 in further attacks.

These attacks were carried out using spear-phishing emails containing modified exploits for known Windows and Office vulnerabilities.

It was the knowledge of the exploits and skills used to alter strains of malware that led Group-IB to accuse at least one team member of working as a cybersecurity expert.

After tracking and researching the group for more than a year, Group-IB determined there were at least two actors – a developer and a pen tester.

Dmitry Volkov, CTO of Group-IB, said: “It is obvious that the criminals responsible for these crimes were at some point active in the security community. Either as penetration testers or reverse engineers.”

The findings come a month after a report that found one in 22 cybersecurity professionals have admitted to taking part in grey hat activity.

Grey hats are security workers who have also carried out illegal hacking activities, for example hacking into websites without permission, or stealing data from their company networks.

The survey, by Osterman Research, cited financial gain and revenge as two major motivations.

Rising interest rates

Banks in Russia and Eastern Europe are increasingly becoming targets for hackers.

Back in October 2017, a major banking scam was uncovered by a team from Trustwave SpiderLabs, which detailed how malicious hackers were manipulating overdraft limits on debit cards, allowing them to withdraw large amounts of money.

According to the report, the perpetrators were opening bank accounts under fake identities and removing overdraft limits on their accounts.

They would then post the cards overseas, where another team member would withdraw huge amounts of stolen cash.

The scam was carried out for around six months before it was detected.

And in August this year, notorious hacking squad Cobalt Group was named as the team behind a number of hacks on Eastern European financial institutions.

It was found to have infiltrated both the NS bank in Russia and the Patria Bank in Romania, making off with funds using a spear-phishing attack.

Cobalt Group is said to have stolen more than €1 billion ($1.16 billion) in campaigns since 2013, and remains active despite the leader of the gang being jailed.