CarderPlanet
Professional
Why are these hackers feared by banking institutions and telecommunications providers around the world?
Authorities in Ivory Coast, a French-speaking country in West Africa, have detained a hacker who is believed to have long been a key member of the OPERA1ER cybercrime group that attacked telecommunications and financial companies using malware, phishing and business email compromise.
The group, also known as NX$M$, DESKTOP Group, and Common Raven, is suspected of stealing between $11 million and $30 million over the past four years in more than 30 attacks in 15 countries in Africa, Asia, and Latin America.
The suspect was arrested in early June in a joint operation called Nervone involving the African police, Interpol, cybersecurity company Group-IB and telecommunications operator Orange.
Additional information that also helped with the investigation was provided by the U.S. Secret Service's Criminal Investigation Division and cybersecurity researchers at Booz Allen Hamilton DarkLabs.
"According to the Interpol report on Cybersecurity Threats in Africa 2022, cybercrime is a growing threat in the West African region, and victims of these crimes are located around the world. Operation Nervone underscores Interpol's determination to actively combat the threat of cybercrime in the region," Interpol said in an official statement.
OPERA1ER members mostly speak French and are believed to be based in Africa. They use a wide variety of tools in their attacks, including publicly available malware and frameworks such as Metasploit and Cobalt Strike.
OPERA1ER hackers usually gain initial access to targeted networks through targeted phishing emails built around common lures, such as invoices or mail delivery notifications. After gaining access, the attackers deploy a wide range of first-stage malware, including Netwire, BitRAT, venomRAT, AgentTesla, Remcos, Neutrino, BlackNet, and Venom RAT, as well as interceptors and password dumpers.
The researchers found that OPERA1ER hackers usually maintain access to compromised networks for three to twelve months, sometimes attacking the same company several times.
Symantec researchers also found a link between OPERA1ER and a group of cybercriminals they track, codenamed Bluebottle. These attackers used a signed Windows driver in attacks against at least three banks in French-speaking African countries.
"Any attempt to investigate a sophisticated cybercrime group such as OPERA1ER, which has stolen millions from financial sector companies and telecommunications providers around the world, requires highly coordinated efforts between public authorities and the private sector," said Dmitry Volkov, CEO of Group-IB.
"The success of Operation Nervone demonstrates the importance of sharing threat intelligence. Only thanks to our cooperation with Interpol, Orange CERT-CC and partners from the private and public sectors were we able to get a complete picture of what is happening," concluded Volkov.
