Africa’s largest economy, Nigeria, alongside other countries in Sub-Saharan Africa, is now the target of attacks by a Russian hacking group, investigations by Kaspersky Lab researchers have revealed.
Researchers at Kaspersky Lab, a multinational cyber security and anti-virus provider headquartered in Moscow, Russia, have reported thousands of notifications of attacks on major banks in Sub-Saharan Africa.
According to the team of experts, the malware used in the attacks indicates the threat actor is most likely the notorious Silence hacking group, infamous for the theft of millions of dollars from banks around the world.
“The attacks have been attributed to this group because the malware used in this latest incident was previously used solely in its operations. Moreover, the malware is in Russian, although the threat actor attempted to slightly cover this fact by typing Russian words using the English keyboard layout.
“The Silence group is one of the most active advanced persistent threat actors. Its modus operandi consists of a social engineering scheme, through a phishing e-mail that contains malware sent to a bank employee,” Kaspersky has said.
The experts further explained that the malware then gets inside the bank’s security perimeter and lies low for a while, performing reconnaissance on the target organisation by capturing screenshots and making video recordings of the daily activity on the infected device to learn how things work within the organisation.
Once the bad actors are ready to take action, they activate all capabilities of the malware and cash out using, for example, automated teller machines (ATMs).
The score sometimes reaches millions of dollars, they warned.
The cyber security laboratory explained that the first attacks were detected in the first week of January and indicated the threat actor is about to begin the final stage of operation and cash out the funds. The attacks are ongoing and persist in targeting large banks in several Sub-Saharan African countries.
Sergey Golovanov, security researcher at Kaspersky, says the Silence group has been active over the past few years, and lives up to its name.
“Their operations require an extensive period of silent monitoring, with rapid and coordinated thefts. We noticed a growing interest of this actor group in banking organisations in 2017, and since that time, the group would constantly develop, expanding to new regions and updating their social engineering scheme.”
Kaspersky has also urged all banks to stay vigilant. Apart from large sums of money, it said, “Silence group also steals sensitive information as video record screen activity.”