Cybercrime Group OPERA1ER Stole $11M From 16 African Businesses

  /     /     /  
Publicated : 23/11/2024   Category : security

Cybercrime Group OPERA1ER Stole $11M From 16 African Businesses


One attack used 400 mule accounts to steal money by making fraudulent withdrawals, researchers say.


At least 16 African banks, financial services, and telecommunication companies have been identified as victims of the French-speaking threat group OPERA1ER, which has stolen at least $11 million since 2018. 
A new report from Group-IB explains it has been tracking OPERA1ERs activities since 2019; however, they waited to publish its findings until the group resurfaced after a 2021 break. Now the gang is back in action, the analysts explain, allowing Group-IB to document their
OPERA1ER TTPs from 2019 through 2021
, as well as the latest
iteration in 2022

The researchers reported OPERA1ER has successfully breached the targets systems at least 30 times since 2018. As an example of the groups sophistication and coordination, the report added, one of the of the groups attacks used more than 400 mule accounts to make fraudulent money withdrawals.
The group doesnt use exotic malware, in fact, the researchers said in the report that OPERA1ERs hallmark is easily accessible open source malware and everyday red-team frameworks like Metasploit and Cobalt Strike. OPERA1ER delivers remote access Trojans (RATs) through French-language email phishing lures and takes its time gathering intelligence about its victims before cashing out, the report added. 
Detailed analysis of the gang’s recent attacks revealed an interesting pattern in their modus operandi: OPERA1ER conducts attacks mainly during the weekends or public holidays, Rustam Mirkasymov, head of cyber-threat research at Group-IB Europe, said in a statement. It correlates with the fact that they spend from three to 12 months from the initial access to money theft. 
Mirkasymov added the gang could be based out of Africa and the total number of OPERA1ER group members is unknown. 

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Cybercrime Group OPERA1ER Stole $11M From 16 African Businesses