According to researchers at Group-IB, a group of hackers that specializes in targeting banks recently attacked four banks in Asia, located in Bangladesh, India, Sri Lanka, and Kyrgyzstan.
One bank in Bangladesh, Dutch Bangla Bank Limited, was compromised, and that is the only breach that has been made public so far. In May, the bank lost over $3 million to several ATM cash-out attacks.
According to the Group-IB researchers, the attackers behind the breach at Dutch Bangla Bank Limited go by the name ‘Silence’. The ‘Silence’ group has been active since around 2016 and has a history of targeting banks in Eastern Europe and Russia. The researchers said this is the first time the group has targeted Asia.
The researchers added that infected systems inside the bank’s network were clearly seen communicating with Silence’s servers.
“In this case, we discovered that Dutch Bangla Bank’s hosts with external IPs 184.108.40.206 and 220.127.116.11 were communicating with Silence’s C&C (18.104.22.168) since at least February 2019”
The exact steps of the breach are unknown, although two men, later identified as being from Ukraine, were seen visiting the bank’s ATM. The men were seen making a phone call and then withdrawing cash, as seen in the YouTube video. The ATM cash-outs were made on May 31, although the group has also used cloned cards in the past at different ATMs of the bank.
It was reported that two other banks in Bangladesh, NCC Bank and Prime Bank, were hit in the same way as Dutch Bangla Bank, but they soon recovered from the attack. However, it is unknown whether the ‘Silence’ group was involved in these attacks.
Malware attacks are on the rise, and even antivirus evasion techniques that were discovered years ago are still abused by malware authors today.