Updated on 2022-12-12
Back in 2020, several security firms claimed that a financially-motivated hacking group named Silence might have connections to EvilCorp, a Russian cybercrime cartel that was sanctioned by the US government. In a report published last week, Cisco Talos says they’ve seen attacks where the Silence gang’s Truebot malware installed Grace (aka FlawedGrace and GraceWire), a malware strain formally linked to the EvilCorp gang, further supporting claims that Silence and EvilCorp are either the same or working together. Further supporting their claims, Talos researchers also noted that in some of these attacks, the intruders also deployed the Clop ransomware, another favorite of the EvilCorp (TA505) gang. Read more:
- Silence: Moving Into The Darkside
- Breaking the silence – Recent Truebot activity
- TA505: A Brief History Of Their Time
Overview
TrueBot, developed by a Russian-speaking hacker group Silence, has infected 1,500 systems worldwide to deploy the Teleport exfiltration tool, Cl0p ransomware, and other tools – noted researchers. Read more: Clop Ransomware Uses Viral ‘Truebot’ Malware to Access Networks