Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Now here is something new: Russian Banks Targeted by Sophisticated Phishing Emails

    Group-IB

    This does not happen too often, and these attackers must be outside of Russia. If hackers inside Russia attack their own country, the FSB is on their doorstep with a SWAT team in no time.

    On November 15, numerous Russian banks received phishing emails that purported to come from the Central Bank of Russia (CBR), according to a report by Group-IB. The emails contained malicious attachments that delivered a tool used by the Silence hacker group and were nearly identical to official CBR correspondence. Fortunately, the emails did not pass DKIM validation, so their effectiveness was somewhat stunted.

    Last month, another group known as “MoneyTaker” targeted Russian banks with phishing emails supposedly from Russia’s Financial Sector Computer Emergency Response Team (FinCERT). These emails also contained attachments that imitated official CBR documents and triggered a download for the Meterpreter Stager.

    Rustam Mirkasymov, Group-IB’s Head of Dynamic Analysis of malware department and threat intelligence expert, says that phishing campaigns often imitate the Central Bank of Russia because the CBR is responsible for communicating regulations to Russian banks. As a result, the CBR very frequently corresponds with banks across the country. Mirkasymov believes that Silence and MoneyTaker are currently among the top four most dangerous threats to financial institutions in Russia and around the world.

    Both groups are financially motivated. The MoneyTaker hackers are particularly dangerous because they are very versatile in their attack methods, using spear-phishing, drive-by attacks, and infrastructure vulnerabilities to gain access to networks. The Silence hackers stick to more basic phishing campaigns, but they are extremely skilled at crafting their messages to impersonate legitimate sources. This group is also thought to be comprised of rogue cybersecurity employees who have inside knowledge of the industry.

    Attackers are constantly using a multitude of methods to exploit vulnerabilities within organizations. Employees need new-school security awareness training with frequent social engineering tests to keep up with the evolving threat landscape. Bleeping Computer has the story: https://www.bleepingcomputer.com/news/security/russian-banks-under-phishing-attack/

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Phishing, Russia

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews