Hackers breach banks and telcos, steal $11m in 4 years
By Jeph Ajobaju, Chief Copy Editor
Hackers codenamed OPERA1ER breached banks and telecom firms in 16 countries – among them Nigeria, Benin, Cote d’Ivoire, Cameroon, and Argentina – in 2021 and stole $11 million, but the amount could be as high as $30 million.
A new report by cybersecurity firm Group-IB in collaboration with Orange CERT Coordination Center shows companies in Cote d’Ivoire were the most targeted.
The report titled, “OPERA1ER: Playing God without permission”, said digital forensic artifacts researchers analysed followed more than 30 successful intrusions of the OPERA1ER gang between 2018 and 2022.
The report located the affected organisations in Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo, and Argentina.
It disclosed the gang stole an estimated $11 million but the amount could be up to $30 million.
“The report takes a deep dive into financially motivated attacks of the prolific French-speaking threat actor, codenamed OPERA1ER,” the investigators said.
“Despite relying solely on known ‘off-the-shelf’ tools, the gang managed to carry out more than 30 successful attacks against banks, financial services, and telecommunication companies mainly located in Africa between 2018 and 2022.
“OPERA1ER is confirmed to have stolen at least $11m, according to Group-IB’s estimates.”
_______________________________________________________________
Related articles:
New malware steals bank login data, NCC warns
ePayments failure rises as banks owe N45b USSD debt, IT workers emigrate
NCC alerts Zoom users criminals can infiltrate undetected
_______________________________________________________________
Network of 400 mule accounts
“One of OPERA1ER’s attacks involved a vast network of 400 mule accounts for fraudulent money withdrawals, the report said, per The PUNCH.
“Researchers from the Group-IB European Threat Intelligence Unit identified and reached out to 16 affected organisations so they could mitigate the threat and prevent further attacks by OPERA1ER.”
The report was completed in 2021 when the threat actor was active, according to the firm.
“Detailed analysis of the gang’s recent attacks revealed an interesting pattern in their modus operandi: OPERA1ER conducts attacks mainly during the weekends or public holidays,” said Rustam Mirkasymov, head of cyber threat research at Group-IB Europe.
“It correlates with the fact that they spend from 3 to 12 months from the initial access to money theft. It was established that the French-speaking hacker group could operate from Africa. The exact number of the gang members is unknown.”
