A French-speaking threat actor dubbed OPERA1ER stole at least $11 million from businesses in Argentina, Benin, Cameroon, Nigeria, and 11 other African nations.
That is according to a recent report from cybersecurity company Group-IB, “OPERA1ER: Playing God without Permission,” which was produced in association with researchers from the Orange CERT Coordination Center.
The company said that it and Orange tracked more than 30 successful intrusions by the gang between 2018 and 2022 through the digital forensic artifacts they examined.
Ivory Coast-based businesses were the most frequently attacked, according to the company’s data.
It said this helped locate affected organizations in countries including the Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo, and Argentina.
In addition, it noted that although the gang was thought to have stolen $11 million, it may have actually taken up to $30 million.
Group-IB stated, “The report takes a deep dive into financially motivated attacks of the prolific French-speaking threat actor, codenamed OPERA1ER.
“Despite relying solely on known ‘off-the-shelf’ tools, the gang managed to carry out more than 30 successful attacks against banks, financial services, and telecommunication companies mainly located in Africa between 2018 and 2022. OPERA1ER is confirmed to have stolen at least $11m, according to Group-IB’s estimates.
“One of OPERA1ER’s attacks involved a vast network of 400 mule accounts for fraudulent money withdrawals. Researchers from the Group-IB European Threat Intelligence Unit identified and reached out to 16 affected organizations so they could mitigate the threat and prevent further attacks by OPERA1ER.”
The report was finished in 2021, during the threat actor’s active phase, according to the company. “Deep investigation of the gang’s previous operations revealed an intriguing pattern in their mode of operation: OPERA1ER performs attacks primarily during the weekends or public holidays,” stated Rustam Mirkasymov, head of cyber threat research at Group-IB Europe.
“It correlates with the fact that they spend from 3 to 12 months from the initial access to money theft. It was established that the French-speaking hacker group could operate from Africa. The exact number of the gang members is unknown.”