THREATOPS Actor Dossier
LIVE ← Dashboard

Silence

G00916 reports
aliases · Silence · Whisper Spider
Export dossier:
6
Reports
12
Techniques
8
Tactics
3
Countries
53%
Hunt coverage
2
Aliases

Analyst assessment — key judgments

  • Signature techniques: T1684 (Social Engineering), T1059.001 (PowerShell), T1556.006 (Multi-Factor Authentication).
  • Primary targeting: US, DE, AU.
  • Steady activity: 2 report(s) in last 30d vs 2 prior (+0%).
  • Recent movement: 5 new technique(s), 3 new infrastructure indicator(s) in the last 30 days.
  • Hunt coverage 53% of 19 observed techniques (9 gap(s)).
  • Assessment confidence: medium (61).

Activity & trend

SteadyLast 30d: 2 vs 2 prior (+0%)· first reported 2026-02-02 · last 2026-07-01
0
7d
2
30d
5
90d
6
All
0.4
Rpts/wk
Reporting timeline · 12 months

Movement — last 30 days

New techniques
T1059.007T1588.006T1552.003T1552.008T1589.001
Targeting lost
AUDEUS
New infrastructure
81cd67829191beba42eb54589375670122e1b57bhttps://danusminimus.github.io/posts/Prohttps://kb.cert.org/vuls/id/221883

Overview

Analyst triage
Intelligence summary

Silence is a financially motivated threat actor targeting financial institutions in different countries. The group was first seen in June 2016. Their main targets reside in Russia, Ukraine, Belarus, Azerbaijan, Poland and Kazakhstan. They compromised various banking systems, including the Russian Central Bank's Automated Workstation Client, ATMs, and card processing.(Citation: Cyber Forensicator Silence Jan 2019)(Citation: SecureList Silence Nov 2017)

Top co-occurring indicators
    Aliases & naming
      Targeting · countries
        Targeting · named victims

          ATT&CK technique matrix

          Coverage vs hunt library:
          Hunt-coverage gaps — prioritized

            Top techniques by observation

            Threat catalogue · engineering roadmap0

            Flagged detection-engineering queue

            Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.

              No techniques queued yet — flag a gap above to add it here.

              Infrastructure

              IOC type mix
              Tooling / malware families
                Tracked infrastructure

                Relationships

                Related actors (behavioral cluster)
                  Attributed malware
                  Campaigns
                  No behavioral cluster, attributed malware, or campaigns recorded for this actor yet.

                  Activity

                  30-day mention timeline
                  Recent reporting
                  TitleSourceSeverityCollected