Narf!
Although, to be fair, most of Brain's plans unravelled through a simple oversight, or they gave up on the brink of success. Shame they never tried the same plan twice with lessons learned.
A pair of cybercrooks who may have started out as legit infosec pros have expanded their operations outside Russia and begun attacking banks across the world. "Silence is an example of a mobile, small, and young group that has been progressing rapidly," Group-IB said, adding that the cybercrime group has shown signs of …
The article hints at the 'How', or how conveniently simple it now is to slip from White-Hat to Black-Hat... but not the 'Why'. This trend should worry the tech community. Perhaps some firms or senior executives didn't take these White-Hats' talents seriously, because IT = Plumbing after all!
How the hell could it be determined that "Silence used Russian words typed on an English keyboard layout to send commands to backdoors they had deployed"?
How the hell could that be determined? Not a Russian layout, I get, because of the typical letter conversions between the Cyrillic and Latin alphabets, but specifically an English layout seems a bit over the top.
I think they typed Russian words, onto a physically Russian keyboard, but with the OS set to map those keys to the equivalent English layout.
You would get a nonsense word as a result, which your traffic sniffer or firewall would not readily match to an English or Russian dictionary. You would need to run the Russian to English layout mapping on the Russian dictionary to get the corresponding nonsense dictionary, which you could then use to find and block those packets reaching their intended destinations.
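The layout-mapping idea in the comment above, as an added example that is not code from the thread or from Group-IB's report: the Russian ЙЦУКЕН layout and US QWERTY are lined up key for key, so a Russian word typed with the OS in the US layout becomes a fixed Latin string (the well-known "gfhjkm" is just "пароль" typed this way). Mapping a Russian wordlist through the same table gives the "nonsense dictionary" the comment describes, and a detector can then match sniffed tokens against it. The six-word Russian list and the sample command string are constructed here for illustration; a real deployment would load a full wordlist.

```python
import re

# Key positions of the Russian ЙЦУКЕН layout and US QWERTY, row by row
# (top row, home row, bottom row, then the key left of "1"), so that the
# character at index i in one string sits on the same physical key as
# the character at index i in the other.
RUSSIAN_KEYS = "йцукенгшщзхъфывапролджэячсмитьбю.ё"
QWERTY_KEYS = "qwertyuiop[]asdfghjkl;'zxcvbnm,./`"
assert len(RUSSIAN_KEYS) == len(QWERTY_KEYS)

RU_TO_EN = str.maketrans(RUSSIAN_KEYS, QWERTY_KEYS)
EN_TO_RU = str.maketrans(QWERTY_KEYS, RUSSIAN_KEYS)


def ru_to_latin(text: str) -> str:
    """What a Russian word looks like when typed on a Russian keyboard
    while the OS is switched to the US layout."""
    return text.lower().translate(RU_TO_EN)


def latin_to_ru(text: str) -> str:
    """Inverse mapping: recover the Russian word from the Latin 'nonsense'."""
    return text.lower().translate(EN_TO_RU)


# Constructed mini wordlist (assumption: stands in for a full Russian dictionary).
RUSSIAN_WORDS = {"привет", "пароль", "скачать", "запустить", "удалить", "выход"}

# The "nonsense dictionary": every Russian word pre-mapped through the layout,
# keyed by its Latin form so lookups on sniffed tokens are O(1).
MAPPED_WORDS = {ru_to_latin(w): w for w in RUSSIAN_WORDS}

# Tokens may legitimately contain the punctuation keys that Cyrillic letters
# land on (e.g. "[" for "х", ";" for "ж"), so the tokenizer keeps them.
TOKEN_RE = re.compile(r"[a-z\[\];',./`]+")


def find_layout_shifted(text: str) -> list[tuple[str, str]]:
    """Return (token, russian_word) pairs for tokens in `text` that are
    Russian dictionary words typed in the US layout."""
    hits = []
    for tok in TOKEN_RE.findall(text.lower()):
        if tok in MAPPED_WORDS:
            hits.append((tok, MAPPED_WORDS[tok]))
    return hits


if __name__ == "__main__":
    # Constructed sample of what an operator might send to a backdoor.
    captured = "cmd: pfgecnbnm gfhjkm now"
    for tok, word in find_layout_shifted(captured):
        print(f"{tok!r} -> {word!r}")
    print(ru_to_latin("привет"), latin_to_ru("ghbdtn"))
```

The detector is case-insensitive and only flags whole tokens that round-trip to a dictionary word, which keeps false positives low against ordinary English; a fuzzier match (prefix or edit distance) would catch typos at the cost of more noise. The same table, applied in reverse, is what an analyst would use to read such commands back into Russian.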
> I think they typed Russian words, onto a physically Russian keyboard, but with the OS set to map those keys to the equivalent English layout.
Indeed likely. I use a similar trick with important passwords, switching to Korean or some such language, but typing my password on my UK keyboard. The result on the other end was basically unintelligible.
It is basically security by obscurity (you need to know the mapping used, and that mapping was done), but it is a useful layer on top of a good password and other security practices.