Inside Kenyan Hacker Group Gaining International Fame

  • A new global cyber-security report has revealed details of the growing notoriety of a Kenyan hacker group known as 'SilentCards' in international circles.

    SilentCards, based in Nairobi, has previously been accused of orchestrating multi-million shilling heists in the financial services sector, particularly targeting banks and their Automated Teller Machines (ATMs).

    Singapore-based cyber-security firm, Group-IB, in its annual Hi-Tech Crimes Report identified SilentCards as one of the prominent players in the global cyber-crime landscape.

    “Currently, only five groups pose a real threat to the financial sector; Cobalt, Silence, MoneyTaker (Russian), Lazarus (North Korea), and SilentCards (a new group from Kenya),” Group-IB noted in its report presented at the CyberCrimeCon international Threat Hunting and Intelligence conference in Singapore.


    The report observed that, unlike its counterparts in the West and Asia, SilentCards had lesser technical capabilities, but its methods were quite effective.

    The group is said to have undertaken heists on multiple banks in the region over the past three years, positioning Kenya as a hub for cyber-crime.

    "SilentCards is a new group that carries out targeted attacks on banks in Africa. Despite their poor technical skills (compared to other groups), they successfully steal money in this region," the report reads in part.

    In January 2019, the Directorate of Criminal Investigations (DCI) published a list of 130 individuals wanted in connection with various cyber-crimes, putting the situation into perspective.

    High-tech methods deployed in the theft of Ksh11 million from Absa Bank (formerly Barclays Kenya) ATMs in April 2019 had sparked allegations that groups such as SilentCards were behind the heist.

    An investigative report by The Standard claimed that SilentCards was the most successful of several hacker groups in Nairobi. The groups are said to operate from buildings in various estates along the Thika Superhighway such as Ruiru, Kasarani and Roysambu.

    The groups reportedly target young graduates in IT-related fields for recruitment, promising them untold riches.

    New recruits are also allegedly paid a 'signing bonus' of around Ksh100,000 after which they begin intensive training to prepare them for heists.

    Internal competition and greed were claimed to be responsible for the emergence of several splinter hacker groups which split from larger groups such as SilentCards.

    Employees of various targeted banks, Saccos and micro-finance institutions are also trained at these groups' hide-outs to plant malicious software within the banks' internal networks.

    The employees are offered large sums of money to help facilitate the heists as the planted software often gives the hackers a backdoor into banks' secure systems.

    “In 2018, researchers detected an incident that has been linked to the group SilentCards.

    “The hackers gained access to a card processing system and successfully transferred Ksh400 million by penetrating the corporate network and infiltrating the key servers responsible for money,” the Group-IB report indicates. 

    Group-IB provides cyber-security solutions on multiple continents and has been publishing the threat analysis report since 2005.
