This does not happen too often, and these attackers must be outside of Russia. If hackers inside Russia attack their own country, the FSB is on their doorstep with a SWAT team in no time.
On November 15, numerous Russian banks received phishing emails that purported to come from the Central Bank of Russia (CBR), according to a report by Group-IB. The emails contained malicious attachments that delivered a tool used by the Silence hacker group and were nearly identical to official CBR correspondence. Fortunately, the emails did not pass DKIM validation, so their effectiveness was somewhat stunted.
Last month, another group known as “MoneyTaker” targeted Russian banks with phishing emails supposedly from Russia’s Financial Sector Computer Emergency Response Team (FinCERT). These emails also contained attachments that imitated official CBR documents and triggered a download of the Meterpreter stager.
Rustam Mirkasymov, head of Group-IB’s Dynamic Analysis of Malware department and a threat intelligence expert, says that phishing campaigns often imitate the Central Bank of Russia because the CBR is responsible for communicating regulations to Russian banks. As a result, the CBR very frequently corresponds with banks across the country. Mirkasymov believes that Silence and MoneyTaker are currently among the top four most dangerous threats to financial institutions in Russia and around the world.
Both groups are financially motivated. The MoneyTaker hackers are particularly dangerous because they are very versatile in their attack methods, using spear-phishing, drive-by attacks, and infrastructure vulnerabilities to gain access to networks. The Silence hackers stick to more basic phishing campaigns, but they are extremely skilled at crafting their messages to impersonate legitimate sources. This group is also thought to be made up of rogue cybersecurity employees who have inside knowledge of the industry.
Attackers are constantly using a multitude of methods to exploit vulnerabilities within organizations. Employees need new-school security awareness training with frequent social engineering tests to keep up with the evolving threat landscape. Bleeping Computer has the story: https://www.bleepingcomputer.com/news/security/russian-banks-under-phishing-attack/