GOLD WYMAN

In November 2017, Kaspersky reporeted on a new campaign that was targeting banks in Russia, Armenia and Malaysia for theft. The attack is similar to historical GOLD LOCUST (Carbanak) activity in that GOLD WYMAN uses spearphishes to target specific bank employees and deploys the Silence trojan, which includes functionality for screen video recording software, to record and monitor their activities. After sufficient information is obtained the criminals conduct large transfers to steal funds.