Banks in Russia today were the target of a massive phishing campaign that aimed to deliver a tool used by the Silence group of hackers. The group is believed to have a background in legitimate infosec activities and access to documentation specific to the financial sector. The fraudulent emails purported to come from the Central Bank of Russia (CBR) and contained a malicious attachment. The message body lured the recipients to open the attachment in order to check the latest details on the “standardization of the format of CBR’s electronic communications.”
Corin Imai, Senior Security Advisor at DomainTools:
“This is an example of a phishing campaign at its most dangerous. Targeting financial institutions, and with seemingly inside knowledge of the inner workings of the Central Bank of Russia means these phishers are likely to be highly successful. Organisations such as the CBR need to make sure that their customers are aware when scams such as this present themselves, and make sure they are well informed as to the tell-tale signs of phishing attacks, such as an unusual email address or typos in the associated URLs. Unfortunately, until organisations begin to take more proactive measures against phishers, these campaigns are likely to stay with us.”
