
Researchers from Kaspersky Lab have been monitoring an ongoing cyber-attack dubbed “Silence” that is primarily targeting Russian banks. The attack is also affecting Malaysian and Armenian financial institutions.

The attack begins with the attacker gaining access to the email account of an employee at a financial institution. Once the account is accessed, the attacker conducts a spear-phishing campaign against the other employees.

The email carries a “.CHM” attachment, Microsoft’s help format, which consists of a collection of HTML pages and other navigation tools. Once the attachment is opened, “start.htm” runs automatically and the JavaScript downloads an obfuscated “.VBS” script, which in turn downloads the dropper. The dropper is a Win32 executable that reports back to the attacker’s C&C server: it sends the ID of the device and then downloads malicious payloads.
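Because the delivery chain described above starts with a CHM attachment, one defensive control is to flag such attachments at the mail gateway. The following is an added example, not code from Kaspersky Lab or the original post: the function names and the sample message are constructed for illustration, and the check matches either the `.chm` extension or the `ITSF` signature that compiled HTML Help files begin with, so a renamed file is still caught.

```python
import email
from email import policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # signature at offset 0 of a compiled HTML Help file


def find_chm_attachments(raw_message: bytes) -> list[dict]:
    """Return one finding per attachment that looks like a CHM file."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Trailing dots/spaces are ignored by Windows, so strip them first.
        by_name = name.lower().rstrip(". ").endswith(".chm")
        by_magic = payload.startswith(CHM_MAGIC)
        if by_name or by_magic:
            findings.append({
                "filename": name,
                "extension_match": by_name,
                "magic_match": by_magic,
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample message; payloads are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "colleague@bank.example"
    msg["To"] = "employee@bank.example"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    filler = CHM_MAGIC + b"\x00" * 16
    # Named .chm and carrying the CHM signature.
    msg.add_attachment(filler, maintype="application",
                       subtype="octet-stream", filename="contract.chm")
    # CHM signature behind a misleading extension.
    msg.add_attachment(filler, maintype="application",
                       subtype="octet-stream", filename="report.pdf")
    # Benign attachment that must not be flagged.
    msg.add_attachment(b"hello", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in find_chm_attachments(build_sample()):
        print(finding)
```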

At the time of writing, there is no information on which banks are being targeted or how much has been stolen.
