IFin Media Ayfin Media
The Ayfin Media company organizes annual events for the banking sector.
2019: Silence group cyberattack on Russian banks disguised as an invitation to iFin
On January 18, 2019, Group-IB announced a large-scale wave of malicious mailings by the Silence group in Russia. It is the largest attack since the beginning of the year, with more than 80,000 recipients: employees of Russian credit and financial organizations, most of them banks and large payment systems.
The mass attack began with Silence phishing mailings on January 16. The malicious attachment was disguised as an invitation to iFin-2019. Notably, the XIX International Forum iFin-2019 'Electronic Financial Services and Technologies' really will take place in Moscow on February 19 and 20, and the event's organizers sent out a mailing about it at around 9 a.m. Moscow time on January 16. A few hours later, Silence sent its own 'invitation'. The fake mailing was sent in the name of "Forum iFin-2019", but from the address info@bankuco [.] com. The matching text indicates that the attackers took the official invitation announcement and edited it.
'Fill out the questionnaire in the attached archive and send us. You receive two free invitation and the name of your bank will be placed on the official portal of a forum', read Silence's not very literate letter. A ZIP archive was attached to the message, containing the invitation to the banking forum and a malicious attachment, Silence.Downloader, also known as TrueBot, a tool used only by the Silence hackers.
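A mail-gateway check for the two signals described above (the forum's display name on an unrelated sender domain, plus an archive attachment), given here as an added example that is not from the original page or from Group-IB. The allow-listed domain forum-organizer.example and the sample messages are constructed assumptions; only the display name and the sender address come from the text.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: brand keyword -> domains the genuine sender uses. The page does not
# give the organizers' domain, so "forum-organizer.example" is a placeholder.
BRAND_DOMAINS = {"ifin": {"forum-organizer.example"}}
ARCHIVE_EXTS = (".zip", ".rar", ".7z")

def sender_domain_ok(domain, allowed):
    # Accept the allow-listed domain itself or one of its subdomains.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def assess(raw):
    """Return a list of findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in name.lower() and not sender_domain_ok(domain, allowed):
            findings.append(f"display-name mismatch: '{name}' sent from {domain}")
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(ARCHIVE_EXTS):
            findings.append(f"archive attachment: {filename}")
    return findings

def build_sample(from_header):
    """Constructed test message; the attachment is an empty ZIP (end record only)."""
    m = EmailMessage()
    m["From"] = from_header
    m["To"] = "employee@bank.example"
    m["Subject"] = "Invitation to iFin-2019"
    m.set_content("Fill out the questionnaire in the attached archive.")
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                     subtype="zip", filename="invitation.zip")
    return m.as_bytes()

if __name__ == "__main__":
    # Sender address as reported on the page (written there in defanged form).
    spoofed = build_sample('"Forum iFin-2019" <info@bankuco.com>')
    genuine = build_sample('"Forum iFin-2019" <news@forum-organizer.example>')
    for label, raw in (("spoofed", spoofed), ("genuine", genuine)):
        print(label, assess(raw))
```

A message that triggers both findings is a candidate for quarantine; the archive finding alone is common in legitimate mail and is better treated as context than as a verdict.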
Disguising malware as official invitations is a widespread practice among state-backed hacker groups (APT) that specialize in espionage: they send defense ministries, embassies, government ministries and media 'invitations' to NATO, UN or EU conferences that conceal malware whose purpose is to spy on the recipient.
The January phishing mailing used the real announcement of a financial forum. This once again supports the theory that the members of Silence, one of the smallest and least-studied hacker groups, are people who presumably were or are engaged in legal work, including pentests and reverse engineering in the financial sector.
Another fact also supports this theory: during the January campaign, Group-IB specialists detected two more phishing mailings aimed at Russian banks, allegedly sent on behalf of the heads of the interbank operations departments of nonexistent banks, ICA Bank Ltd and Bankuralprom Ltd. The senders asked the banks to promptly consider opening and servicing correspondent accounts for their organizations. The attachment contained an archive with a contract; unpacking it downloaded the same Silence.Downloader malware onto the user's computer.
As analysis of the letter text showed, the Silence hackers are not immune to errors: in the letter on behalf of Bankuralprom Ltd, the signature names a different nonexistent bank, BANKYUKO Ltd. A check of the addresses given showed that they are occupied by the office of a different credit and financial organization and by an apartment building.
Group-IB's experience shows that cybercriminals actively attack financial institutions between December 25 and January 14. Ahead of the New Year holidays, large amounts of money generally accumulate in bank accounts; bank employees are less vigilant, and many of them, security staff included, go on leave. Attackers take advantage of this.
From December 25 to December 27, Group-IB recorded malicious Silence mailings to financial institutions. This time a different social engineering scheme was used. The criminals sent letters purportedly from a real pharmaceutical company whose employee asked the bank to open a corporate account and a payroll project. Posing as the "cofounder" of the pharmaceutical company, the Silence hackers described the branch structure in detail, stated the number of employees and 'pressed' for a quick change of payroll partner. Moreover, a "design mock-up" for producing branded bank cards for staff was allegedly enclosed in the letter …
Such a 'ready-made' offer from a client is very 'appetizing bait' for a bank. The probability that bank employees who receive such an offer will open the attachment is high. However, unpacking the archive results in the download of a loader, and then of the main Silence module, onto the victim's machine.
"The malicious activity of the December and January campaigns was recorded by Group-IB Threat Detection System in Russian banks and blocked. All Group-IB clients were promptly notified of the attack indicators and of methods of protection. It is obvious that the scale of Silence's actions is increasing: we observe growth in attacks not only across Russia, but also active operations against European and Middle Eastern financial companies. Notably, we are recording changes in the group's work that began to appear some time after the release of the Group-IB technical report describing the hackers' tactics and some of the attacks."
Rustam Mirkasymov, head of the department of dynamic analysis of malicious code, Group-IB cyber investigation expert
2014: The first forum "All Bank Automation" is organized
In 2014 the Ayfin Media company organized the first Forum "All Bank Automation". Alongside large foreign corporations (Oracle, Microsoft, SAP, MISYS) and domestic companies (CFT, Diasoft, BEFIT, iCAM, BSS, 1C), the exhibition presents equipment and software from more than 70 developer firms.
2011: Organization of the Mobile Finance conference
Since 2011 the Ayfin Media company, together with ARB, has organized the MobiFinance conference, devoted to an overview of the current state and a discussion of the development prospects of the mobile and contactless payments market.
2001: The iFin forum is launched with the support of Intel
Since 2001 the forum iFin "Electronic Financial Services and Technologies" has been held with the support of the Association of Russian Banks (ARB) and the National Association of Securities Market Participants (NAUFOR). For the first ten years, the Intel company acted as the general sponsor of iFin.