After being brought in to investigate some dubious cyber-activity, cybersecurity experts from Group-IB uncovered an entire heist campaign that had successfully stolen at least $30 million from a number of banks in Africa, as well as several financial institutions and telecom operators in Asia and Latin America.
After teaming up with the CERT Coordination Center of the French telecom company Orange, the researchers determined that a cybercrime group based in France had been carrying out heists for approximately four years. This group, called OPERA1ER, successfully completed more than 30 robberies.
The group first gained access to these companies through phishing, keyloggers, or password stealing. They would then obtain admin-level credentials for the Windows domain controllers on the networks and for back-end applications such as SWIFT. After that, they would slowly move people’s funds around until the money landed in accounts of their choosing.
Eventually, the thieves would pull the money out of ATMs.
In one attack, a network of 400+ mule subscriber accounts was used to cash out stolen funds via ATMs overnight. Further investigation uncovered that the mules had been recruited months in advance, indicating that the attack was sophisticated, organized, and planned over a long period of time.
The researchers discovered that the group only used bog-standard malware – nothing too complicated or expensive. In fact, much of their tooling could be found for free on the dark web. Nevertheless, this ‘off-the-shelf’ software was enough to allow OPERA1ER to steal a minimum of $11 million since 2019 – though it’s probable they’ve taken over $30 million, as some companies were unwilling or unable to confirm financial losses.
Companies located in countries such as Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo and Argentina were affected.