SA banks not impacted by Russian hacking group

Read time 2min 00sec

There has been no impact on South African banks despite reports that a Russian hacking group is targeting banks in Sub-Saharan Africa.

This is according to the South African Banking Risk Information Centre (SABRIC), a non-profit organisation formed by local banks to support the banking industry in the combating of crime.

Yesterday, researchers from Kaspersky Lab reported thousands of notifications of attacks on major banks in Sub-Saharan Africa.

The researchers said the malware used in the attacks indicates the threat actor is most likely to be the notorious Silence hacking group, infamous for the theft of millions of dollars from banks around the world.

They note the attacks have been attributed to this group because the malware used in this latest incident was previously used solely in its operations. Moreover, the malware is in Russian, although the threat actor attempted to slightly cover this fact by typing Russian words using the English keyboard layout.

The Silence group is one of the most active advanced persistent threat actors. Its modus operandi consists of a social engineering scheme, through a phishing e-mail that contains malware sent to a bank employee.

In a statement this afternoon, SABRIC says it is aware of the media statement issued by Kaspersky on 13 January about potential malware attacks on major banks in the Sub-Saharan Africa region, entitled “Silence before the storm: Russian-speaking hacking group is attacking banks in Sub-Saharan Africa”.

It points out there has been no impact on South African banks to date and it is business as usual as all banking services are operating normally.

Nevertheless, SABRIC says the banking industry takes cyber security very seriously and has robust risk mitigation strategies in place.

Because banks, as the custodians of money, are continuously under attack globally, these strategies are agile and are reviewed as new threats are identified, it says.

“The banking industry collaborates by sharing information to ensure our cyber resilience is continually strengthened. We will continue to monitor this situation very closely as an industry,” says SABRIC acting CEO Susan Potgieter.

See also