SilverTerrier cybercrime gang targets government

Australian government institutions have been targeted by a Nigerian cybercrime gang known as SiverTerrier, according to a global cyber security company.

In a blog post on Thursday Palo Alto says its research shows the group targeted government organisations around the world involved in the COVID response, including in Australia, between January 30 and April 30.

During this time the organisation says SilverTerrier launched 10 COVID-themed malware campaigns that produced over 170 phishing emails across the company’s customer base.

“With the global impacts of COVID-19, an unprecedented number of corporations are expediating their cloud infrastructure migrations, all while transitioning to a largely remote workforce that is understandably interested in all topics related to the virus,” Palo Alto said.

“Given this trend, it should come as no surprise that BEC actors are seizing opportunities to exploit the situation through tailored phishing campaigns related to COVID-19.”

None of the campaigns were successful in infecting their targets.

The company says the most “pronounced activity” was a series of eight campaigns related to a “well-known SilverTerrier actor”, including three that were directed at Australia.

The emails had subject lines relating to masks, vaccines and supplies for COVID-19 but contained malicious links delivering Agent Tesla and Lokibot information-stealing malware.

As well as local and regional governments and government health agencies, the group also targeted insurance companies, medical publishing firms, universities and utilities.

Most of the attacks in Australia were targeted at health insurance agencies, followed by government and energy sectors.

A SilverTerrier campaign on March 23 targeted a Australian health insurer while an energy company was hit on the following day.

An April 8 attack targeted what Palo Alto said were “various Australian government institutions”.

More information has been sought from the Australian Signals Directorate.

The directorate’s Australian Cyber Security Centre says it is continuing to receive reports from government departments about a range of COVID-19 themed scams, online fraud and phishing campaigns.

Since March 10 the ACSC has responded to more than 20 cyber security incidents affecting COVID-19 response services and major national suppliers.

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at  

Sign up to the Government News newsletter

Leave a comment:

Your email address will not be published. All fields are required