OPERA1ER was involved in more than 30 raids
A number of African banks were among the victims of a well-planned, sophisticated heist campaign that saw the thieves walk away with at least $30 million.
Cybersecurity firm Group-IB discovered the robberies after being brought in to investigate suspicious cyber-activity.
Working with the French telecom company Orange, it found that OPERA1ER, a French-speaking cybercriminal group, had been running the operation for approximately four years and had ultimately carried out more than 30 heists.
Very sophisticated
According to The Register, the group first phished its way into these companies, dropping malware, keyloggers and password stealers. Once inside the networks, they obtained admin-level credentials for Windows domain controllers and back-end applications such as SWIFT. They then slowly moved people’s funds until the money reached the account they wanted.
They then withdrew the money from ATMs.
According to the report, in one of these attacks “a network consisting of over 400 mule subscriber accounts were used to quickly cash out stolen money mostly overnight via ATMs.” Further investigation revealed that the mules had been recruited months in advance. The attack was clearly sophisticated, coordinated and planned over a lengthy period.
Researchers also found that the group did not use sophisticated malware. It relied on standard, off-the-shelf tools and whatever freeware it could find on the dark web.
The report states that OPERA1ER has been confirmed to have stolen at most $11 million using its basic ‘off the shelf’ toolkit since 2019. The actual amount is thought to exceed $30 million, as some of the compromised companies have not confirmed their losses.
The victim companies were located in, among other countries, Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda and Togo.