The researchers say that Silence has improved its operational security and changed its toolset to thwart detection. Apart from rewriting the first-stage module (Silence.Downloader / Truebot), the group began using a PowerShell-based fileless loader called Ivoke. For lateral movement in the victim network, a new PowerShell agent is used, called EmpireDNSAgent (EDA) because it is based on the abandoned Empire framework and the dnscat2 project. In October 2018, Silence started to send out reconnaissance emails that would help better prepare an attack. Such a message would carry no payload and pretend to be an automated reply for a failed delivery.

To read the complete article see: https://www.bleepingcomputer.com/news/security/silence-advanced-hackers-attack-banks-all-over-the-world/

See also: https://www.group-ib.com/resources/threat-research/silence-attacks.html
Having read about previous campaigns, this isn’t a surprise at all.