Silence
G00916 reportsaliases · Silence · Whisper Spider
6
Reports
12
Techniques
8
Tactics
3
Countries
53%
Hunt coverage
2
Aliases
Analyst assessment — key judgments
- Signature techniques: T1684 (Social Engineering), T1059.001 (PowerShell), T1556.006 (Multi-Factor Authentication).
- Primary targeting: US, DE, AU.
- Steady activity: 2 report(s) in last 30d vs 2 prior (+0%).
- Recent movement: 5 new technique(s), 3 new infrastructure indicator(s) in the last 30 days.
- Hunt coverage 53% of 19 observed techniques (9 gap(s)).
- Assessment confidence: medium (61).
Activity & trend
SteadyLast 30d: 2 vs 2 prior (+0%)· first reported 2026-02-02 · last 2026-07-01
0
7d
2
30d
5
90d
6
All
0.4
Rpts/wk
Reporting timeline · 12 months
Movement — last 30 days
New techniques
T1059.007T1588.006T1552.003T1552.008T1589.001Targeting lost
AUDEUSNew infrastructure
81cd67829191beba42eb54589375670122e1b57bhttps://danusminimus.github.io/posts/Prohttps://kb.cert.org/vuls/id/221883Overview
Analyst triage
Intelligence summary
Silence is a financially motivated threat actor targeting financial institutions in different countries. The group was first seen in June 2016. Their main targets reside in Russia, Ukraine, Belarus, Azerbaijan, Poland and Kazakhstan. They compromised various banking systems, including the Russian Central Bank's Automated Workstation Client, ATMs, and card processing.(Citation: Cyber Forensicator Silence Jan 2019)(Citation: SecureList Silence Nov 2017)
Top co-occurring indicators
Aliases & naming
Targeting · countries
Targeting · named victims
ATT&CK technique matrix
Coverage vs hunt library:
—
Hunt-coverage gaps — prioritized
Top techniques by observation
- T1684 · Social Engineeringconf 652
- T1059.001 · PowerShellconf 652
- T1556.006 · Multi-Factor Authenticationconf 652
- T1557 · Adversary-in-the-Middleconf 601
- T1213.002 · Sharepointconf 601
- T1590.005 · IP Addressesconf 601
- T1586.002 · Email Accountsconf 601
- T1585.002 · Email Accountsconf 601
- T1589.002 · Email Addressesconf 601
- T1593.002 · Search Enginesconf 601
- T1589.003 · Employee Namesconf 601
- T1020 · Automated Exfiltrationconf 601
Threat catalogue · engineering roadmap
Flagged detection-engineering queue
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
IOC type mix
Tooling / malware families
Relationships
Activity
30-day mention timeline
Recent reporting
| Title | Source | Severity | Collected |
|---|