Conquer your risk
OPERA1ER cybercrime gang attacks West Africa

Group-IB and Cert-Orange warned about a group of French-speaking cybercriminals attacking financial institutions in West Africa.

By Gert Van de Ven
December 9, 2022
in Articles, Cyber Attacks, Cybercrime, Scams

A gang of French-speaking hackers has stolen at least $11 million over several years of malicious operations, and the real figure could exceed $30 million, according to a joint investigation conducted by Group-IB and Cert-Orange. From 2018 to 2022, the French-speaking criminal organization (also known as DESKTOP-GROUP, Common Raven and NXSMS) was highly active and dangerous, conducting more than 30 attacks against banks, financial institutions, and telecoms companies, primarily in Africa.

A sophisticated operation dating back to 2016

The criminal group known as OPERA1ER made headlines in 2019, but it evidently started operating back in 2016: the oldest domain linked to the group was registered that year. To attack their victims, the cybercriminals used sophisticated phishing emails, mainly in French, that carried malicious attachments or linked to Google Drive pages, Discord servers and compromised legitimate websites.

After gaining a foothold in a target, the cybercriminals deployed remote access tools such as AnyDesk to take control of specific computers, or connected to the information system through a virtual private network. They then concentrated on accounts holding large balances. The funds were moved to the accounts of “mules” before being withdrawn from ATMs.
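The access chain described above (a phishing lure, then a remote-access tool such as AnyDesk on the compromised workstation) leaves traces in endpoint process-creation logs. The following Python script is an added example, not code from the article or from Group-IB / Cert-Orange: it runs three detection rules over constructed log lines, flagging a remote-access tool executed on a host outside an assumed allowlist, a binary launched from a user-writable directory, and a remote-access tool spawned by an Office or mail client. The log format, hostnames, user names, allowlist and the tool names other than AnyDesk are all assumptions.

```python
"""Flag unsanctioned remote-access tool execution in process-creation logs.

Added example. The log lines below are constructed to resemble Windows
process-creation events; they are not from the Group-IB / Cert-Orange report.
"""
import re
from dataclasses import dataclass

# AnyDesk is named in the report; the other two are common equivalents and
# are an assumption of this example.
RAT_BINARIES = {"anydesk.exe", "teamviewer.exe", "ammyy.exe"}

# Hosts where the helpdesk is allowed to run a remote-access tool (assumed).
APPROVED_HOSTS = {"IT-HELPDESK-01"}

# Directories a phishing payload typically drops into; a properly deployed
# installer would normally live under Program Files.
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\(Downloads|AppData)|Temp)\\", re.I)

# Parents that should never be launching a remote-access tool.
LURE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}

# Assumed line format: "<ts> host=<h> user=<u> event=process_create image="<path>" parent="<path>""
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"event=process_create image=\"(?P<image>[^\"]+)\" parent=\"(?P<parent>[^\"]+)\"$"
)


@dataclass
class Alert:
    ts: str
    host: str
    user: str
    image: str
    reason: str


def parse(line):
    """Return the event fields, or None for a line that does not match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def detect(lines):
    """Apply the three rules to every parsable line; one Alert per rule hit."""
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue  # malformed line; a real pipeline would count and report these
        if basename(ev["image"]) not in RAT_BINARIES:
            continue
        reasons = []
        if ev["host"].upper() not in APPROVED_HOSTS:
            reasons.append("remote-access tool on non-approved host")
        if USER_WRITABLE.search(ev["image"]):
            reasons.append("launched from user-writable path")
        parent = basename(ev["parent"])
        if parent in LURE_PARENTS:
            reasons.append(f"spawned by Office/mail client ({parent})")
        for reason in reasons:
            alerts.append(Alert(ev["ts"], ev["host"], ev["user"], ev["image"], reason))
    return alerts


# Constructed sample: one legitimate helpdesk session, one phishing-delivered
# copy of AnyDesk dropped by a Word document, one benign process, one bad line.
SAMPLE_LOG = """\
2022-08-03T09:12:44Z host=IT-HELPDESK-01 user=svc_helpdesk event=process_create image="C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe" parent="C:\\Windows\\explorer.exe"
2022-08-03T09:15:02Z host=FIN-WKS-17 user=jdupont event=process_create image="C:\\Users\\jdupont\\Downloads\\AnyDesk.exe" parent="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"
2022-08-03T09:15:09Z host=FIN-WKS-17 user=jdupont event=process_create image="C:\\Windows\\System32\\notepad.exe" parent="C:\\Windows\\explorer.exe"
this line is not an event
"""

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(f"{a.ts} {a.host} {a.user} {a.image}: {a.reason}")
```

The allowlist-plus-context approach matters because AnyDesk is also a legitimate helpdesk tool: the same binary on an approved host under Program Files produces no alert, while the copy a Word document dropped into a Downloads folder on a finance workstation trips all three rules.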

According to investigators, in one case over 400 mules took part in a cash-withdrawal operation completed in a single evening. Their assessment suggested that preparing an attack could take around six to twelve months, while recruiting the mules could take one to three months. Group-IB and Cert-Orange analysts therefore concluded that the attacks were “extremely sophisticated, organized, coordinated, and planned out over an extended period of time”.

Attacking Western African Banks and Telcos

The criminal gang's arsenal did not include any 0-day vulnerability. They exploited vulnerabilities that had been disclosed a few years earlier, which should have been long enough to patch them and deploy the security fixes. Such patch management and risk-based vulnerability management would have made the criminals' job much more difficult.
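As an added illustration of the risk-based vulnerability management the paragraph calls for (this is not code from the article or from XRATOR), the script below ranks a constructed list of findings so that an exploited, years-old vulnerability on a core payment system lands at the top even when newer findings carry higher CVSS scores. The finding identifiers, assets, dates, SLA policy and weights are assumptions chosen for the example; VULN-A to VULN-D are placeholders, not real CVE identifiers.

```python
"""Risk-based vulnerability prioritisation over a constructed finding list.

Added example. The findings, SLA policy and weights are assumptions, not data
from the Group-IB / Cert-Orange investigation; VULN-A..D are placeholders,
not real CVE identifiers.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    vuln_id: str          # placeholder identifier
    asset: str
    disclosed: date       # public disclosure date of the weakness
    cvss: float           # base score, 0 to 10
    exploited: bool       # public exploit or in-the-wild use known
    internet_facing: bool
    criticality: int      # asset business criticality, 1 (low) to 5 (core payment system)


# Remediation SLA in days per risk tier (assumed policy).
SLA_DAYS = {"critical": 14, "high": 30, "medium": 90, "low": 180}


def tier(f: Finding) -> str:
    """Risk tier driven by exploitability and exposure, not by CVSS alone."""
    if f.exploited and (f.internet_facing or f.criticality >= 4):
        return "critical"
    if f.exploited or f.cvss >= 9.0:
        return "high"
    if f.cvss >= 7.0:
        return "medium"
    return "low"


def days_overdue(f: Finding, today: date) -> int:
    """Days the finding has been open beyond its tier's SLA (0 if still inside it)."""
    age = (today - f.disclosed).days
    return max(0, age - SLA_DAYS[tier(f)])


def score(f: Finding, today: date) -> float:
    """Higher means patch sooner. Exploitability doubles the base, internet
    exposure adds half again, and each full year past the SLA adds 50%, so a
    long-ignored finding on a core system keeps climbing the list."""
    base = f.cvss * f.criticality
    if f.exploited:
        base *= 2.0
    if f.internet_facing:
        base *= 1.5
    return base * (1 + days_overdue(f, today) / 730)


def prioritise(findings, today: date):
    """Return (vuln_id, asset, tier, score, overdue) tuples, most urgent first."""
    ranked = sorted(findings, key=lambda f: score(f, today), reverse=True)
    return [
        (f.vuln_id, f.asset, tier(f), round(score(f, today), 1), days_overdue(f, today) > 0)
        for f in ranked
    ]


# Constructed inventory, evaluated as of the article's publication date.
TODAY = date(2022, 12, 9)
FINDINGS = [
    Finding("VULN-A", "swift-gateway-01", date(2019, 5, 14), 9.8, True, False, 5),
    Finding("VULN-B", "vpn-concentrator", date(2022, 11, 20), 8.1, True, True, 4),
    Finding("VULN-C", "intranet-wiki", date(2022, 12, 1), 9.1, False, False, 2),
    Finding("VULN-D", "hr-kiosk", date(2018, 3, 2), 5.3, False, False, 1),
]

if __name__ == "__main__":
    for row in prioritise(FINDINGS, TODAY):
        print(row)
```

With these weights the three-year-old, publicly exploited bug on the payment gateway outranks the fresh internet-facing one on the VPN concentrator, and the unexploited 9.1 on an internal wiki sits below both; a ranking by CVSS alone would have put the wiki first and the gateway second.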

OPERA1ER (Common Raven) has actively targeted financial institutions, compromising their SWIFT payment infrastructure to send out fraudulent payments. Most of its victims are financial institutions and telecoms companies located in West Africa, with the exception of a few occurrences in Argentina, Paraguay, Bangladesh, and Uganda.

In 2020, Rewterz, a cybersecurity company from Dubai, published Indicators of Compromise (IoC) related to a group called “Common Raven”. A year later, SWIFT, the messaging network used by banks for international payments, issued an alert about this group's activity.

In August 2022, a Group-IB analyst pinpointed a recently established Cobalt Strike server, a tool that OPERA1ER often uses. This discovery led the researchers to detect five more attacks in four countries, all carried out after the initial research had been completed. Following the August discovery, the researchers obtained an updated list of domains tied to the group, along with evidence of earlier OPERA1ER tooling.

Cyber Threat in Africa

The African continent is full of possibilities when it comes to information and communication technologies, thanks to the large share of young people in its population. In 2020, 60% of Africans were under 25 years old, which is driving a surge in the adoption of new technologies. Whenever an economic dilemma is encountered, creative solutions are often proposed to deal with it.

Unfortunately, some of those answers fall outside the law. Low access to banking services in Africa has led to the invention of new financial services, such as mobile banking, but it has also caused the emergence of new forms of scam built on these technologies.

Analysts have forecast that Africa's digital economy will generate annual revenue of $180 billion by 2025, but inadequate measures against cybercrime could impede this growth. In October 2021, Interpol released a cyberthreat assessment of Africa, while Amnesty International warned about targeted foreign surveillance of the population.

The top five cyber threats for Africa are online scams, digital extortion, Business Email Compromise, botnets and ransomware. The continent's economic and geopolitical context also makes it a privileged target for advanced cyberespionage operations.

We must not let cybercrime hinder the social and economic development of the African continent. Establishing good hygiene practices and preventive cyber risk management from the start will help individuals and companies stay secure online.

Tags: Africa, Botnet, Business Email Compromise, Common Raven, Cyberespionage, Extortion, Geopolitics, OPERA1ER, Ransomware, Social Engineering

"Conquer Your Risk" is a corporate blog for Cybersecurity and Risk Management executives and specialists, sharing XRATOR experts' views on Cybersecurity, Threat Intelligence, Risk Management and Cyber Insurance.

XRATOR® – copyright 2020-2021
