NEW: Silence Trojan

Silence Trojan: Ongoing attack targeting financial institutions

  • A new trojan has emerged in the past few days targeting financial institutions in Russia, Armenia and Malaysia.
  • First observed by Kaspersky, the Silence trojan and associated threat actor(s) are deploying tactics similar to those used by the Carbanak Gang, a long-established threat to the banking sector.
  • The ongoing attacks are targeted, with hackers spending considerable time gaining access to internal networks, monitoring employees’ activities and obtaining knowledge that is later used to steal funds.
  • The initial attack vector appears to be spear-phishing emails, which are often distributed from the email addresses of employees at previously compromised banks.
  • Emails contain a “Microsoft Compiled HTML Help” file which uses JavaScript and a .VBS script to download and execute the Silence trojan.
  • One of Silence’s modules uses the Windows Graphics Device Interface and API to monitor victims by taking multiple screenshots, thereby providing a real-time pseudo-video stream. This tactic was also used by Carbanak.
  • The Silence operators remain unknown, but a report from Intezer points to code similarities between the Silence loader and the loader used by the Mole ransomware in a United States Postal Service-themed campaign earlier this year.
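The delivery method described above (a Compiled HTML Help file attached to a spear-phishing email) can be screened for at the mail gateway. The following is an added example, not code from Silobreaker or from the reports cited here: it flags attachments that are CHM files by content rather than by name, looking one level into ZIP archives. It relies on the fact that CHM files begin with the ASCII signature `ITSF`; the function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # signature at offset 0 of Compiled HTML Help files


def _is_chm(name: str, data: bytes) -> bool:
    """True if the leading bytes or the file name identify a CHM file."""
    return data[:4] == CHM_MAGIC or name.lower().endswith(".chm")


def find_chm_attachments(raw: bytes) -> list[str]:
    """Return names of CHM attachments, looking one level into ZIP archives."""
    hits = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if _is_chm(name, data):
            hits.append(name)
        elif data[:2] == b"PK":  # ZIP container: inspect each member
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        with zf.open(info) as fh:
                            if _is_chm(info.filename, fh.read(4)):
                                hits.append(f"{name}!{info.filename}")
            except (zipfile.BadZipFile, RuntimeError):
                pass  # unreadable or encrypted archive; leave to other scanners
    return hits


def build_sample() -> bytes:
    """Constructed sample: a disguised CHM, a zipped CHM and a text file."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    fake_chm = CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 24  # header stub only
    msg.add_attachment(fake_chm, maintype="application",
                       subtype="octet-stream", filename="contract.doc")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("help.chm", fake_chm)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="docs.zip")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()
```

Checking the leading bytes catches a CHM file that has been renamed to a document extension, which a filename-only filter would miss.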

Screenshot 1 – Silobreaker Time Series – Monitoring “Silence Trojan” from first mention to how articles are breaking and developing over time. As demonstrated below, Silobreaker first noticed a mention of the trojan hours prior to general discovery.

Screenshot 2 – Silobreaker Network – Real-time link analysis leveraging unstructured open source data to detect relationships between various entities. This link analysis gives timely and intuitive insights into the associations surrounding the Silence Trojan.

Screenshot 3 – Silobreaker dashboard focusing on contextualising the vast amounts of data being published in relation to the Silence Trojan. Included here are Heat widgets monitoring IOCs and Threat Actors related to Silence, along with a Twitter widget pulling content via the Twitter API.

To see further analysis of the Silence trojan and other cyber threats to your organisation in Silobreaker, book an online demo today.

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
