19 Dec Cybercrime Group OPERA1ER Stole $11M From 16 African Businesses
At least 16 African banks, financial services, and telecommunication companies have been identified as victims of the French-speaking threat group OPERA1ER, which has stolen at least $11 million since 2018.
A report from Group-IB explains that it has been tracking OPERA1ER’s activities since 2019. The researchers reported that OPERA1ER has successfully breached the targets’ systems at least 30 times since 2018. As an example of the group’s sophistication and coordination, the report explained that one of the group’s attacks used more than 400 mule accounts to make fraudulent money withdrawals.
The group doesn’t use sophisticated malware; instead, OPERA1ER’s hallmark is easily accessible open-source malware and everyday red-team frameworks like Metasploit and Cobalt Strike. According to the report, OPERA1ER delivers remote access Trojans (RATs) through French-language email phishing lures and takes its time gathering intelligence about its victims before “cashing out.”
Rustam Mirkasymov, head of cyber-threat research at Group-IB Europe, said: “Detailed analysis of the gang’s recent attacks revealed an interesting pattern in their modus operandi: OPERA1ER conducts attacks mainly during the weekends or public holidays.
“It correlates with the fact that they spend from three to 12 months from the initial access to money theft.”
Mirkasymov added the gang could be based out of Africa and the total number of OPERA1ER group members is unknown.