Original Post from Security Affairs
Author: Pierluigi Paganini
Researchers at Group-IB observed new financially motivated attacks in Western Europe traced to Russian-speaking threat actors.
Group-IB, a Singapore-based
At least two companies operating in pharmaceutical and manufacturing sectors have been affected. Group-IB
According to industry researchers, TA505 is known to have carried out attacks on banks, medical
The malware samples used in the European attacks showed up on VirusTotal on February 2 and have been classified as Silence.ProxyBot (MD5: ce04972114bbd5844aa2f63d83cdd333) and 2 upgraded versions of Silence.MainModule (363df0b3c8b7b390573d3a9f09953feb & 800060b75675493f2df6d9e0f81474fd). During the analysis of these samples Group-IB Threat Hunting Intelligence team has identified at least two affected companies from Belgium and Germany.
The victims have been notified by Group-IB and provided with all the information to stop the incidents. In addition to the victims, Group-IB experts have managed to establish the CnCs used during the attacks 195.123.246
The former has been active since late January 2020. Further analysis of cybercriminals’ infrastructure revealed two other executables had likely been deployed during the European campaign: an LPE exploit for CVE-2019-1405 and CVE-2019-1322 (comahawk.exe) and a Meterpreter stager TinyMet. It’s important to note that TinyMet was compressed using a packer developed by TA505 – a longtime friend of Silence in the business.
The alleged connection between Silence and TA505 was described in Group-IB’s recent report “Silence 2.0: Going Global” for the first time.
Group-IB researchers carried out comparative analysis of Silence
“While the extent of the damage caused is yet unknown, the choice of the targets, that are unorthodox for Silence, gives some basis to believe that this was either a ransomware attack or these companies were compromised as part of a complex supply-chain attack.” comments Rustam Mirkasymov, Head of Dynamic Malware Analysis department at Group-IB.
“Having analyzed the
According to Group-IB’s “Silence 2.0: Going Global” report, issued in August, Silence significantly expanded their
About the author Group-IB:
Group-IB is a leading provider of solutions aimed at detection and prevention of cyberattacks, online fraud, and IP protection. Group-IB is a partner of INTERPOL, Europol, and has been recommended by the OSCE as a cybersecurity solutions provider. Group-IB is a member of the World Economic Forum.
(SecurityAffairs – Russian-speaking hackers, cybercrime)
The post New financially motivated attacks in Western Europe traced to Russian-speaking threat actors appeared first on Security Affairs.
Go to Source
Author: Pierluigi Paganini