A small Russian hacking group should be considered the main suspect in a bank heist of $3 million in Bangladesh, according to research published Wednesday.
The group, which researchers are calling “Silence,” appears to have softened up access controls on Dutch Bangla Bank ATMs before money mules made a series of cash withdrawals ending on May 31, according to Group-IB, an international security vendor with headquarters in Singapore.
Infrastructure used in the past by Silence hackers communicated with external IPs from Dutch Bangla Bank in the months prior to the cash extractions, Group-IB said. By abusing access to the banking system, Silence could have removed withdrawal limits on the ATMs. The money mules were caught on security cameras. Local law enforcement officials previously said the crooks might be connected with Lazarus Group, a cybercrime organization linked to North Korea, according to local news reports.
Lazarus is the same hacking team that was blamed for trying to steal nearly $1 billion from Bangladesh’s central bank in 2016. They ultimately made off with $81 million in what has been described as the most expensive hack on a financial organization.
Group-IB first detected Silence in 2016, when the thieves attacked bank management and card-processing systems in their home country of Russia, as well as in Ukraine, Poland and elsewhere in the region.
“Having tested their tools and techniques in Russia, Silence has gained the confidence and skill necessary to be an international threat to … banks and corporations,” Rustam Mirkasymov, head of dynamic analysis of malicious code at Group-IB, said in an emailed statement. “Asia particularly draws cybercriminals’ attention.”
Group-IB is aware of at least four other Silence attacks in Asia that have occurred in India, Bangladesh, Sri Lanka and Kyrgyzstan, the company told CyberScoop. Details of those incidents have not been made public.
In this case, Group-IB cites local media reporting as part of its research. The $3 million theft was initially reported by outlets like the Daily Star, which reported last month that three banks had been hit by cyberattacks. The theft from Dutch Bangla Bank was the largest, and the malware planted on the bank’s switch card management system was such a close replica of the legitimate software that the bank apparently didn’t notice it.
Later, local media published a video of a team of money mules visiting bank ATMs, making a phone call and withdrawing cash.
Other banks, NCC Bank and Prime Bank, also said they were attacked but that they did not suffer any financial losses, according to the Daily Star. Whether Silence was behind those incidents was not immediately clear.
Group-IB published more detailed findings about the Silence group last year, suggesting it was a small, Russian-speaking hacking outfit primarily motivated by financial gain.