This cybercrime group stole $30 million from banks and telecoms in a four-year crime spree
OPERA1ER conducted more than 30 raids
Several African banks, as well as a number of financial institutions and telecommunications operators in Asia and Latin America, have been victims of a highly sophisticated, well-planned heist campaign, which saw the crooks walk away with at least $30 million.
Cybersecurity experts Group-IB discovered the robbery after being brought in to investigate suspicious cyber-activity.
Together with French telecom company Orange’s CERT Coordination Center, it found that a French-speaking cybercrime group, dubbed OPERA1ER, planned the whole thing for roughly four years, and eventually initiated more than 30 heists.
Very sophisticated
As reported by The Register, the group first phished its way into these companies by landing malware, keyloggers, or password stealers. After setting foot in these networks, they’d obtain admin-level credentials to the Windows domain controllers, as well as to back-end applications such as SWIFT. Then they’d slowly move people’s funds around until the money landed in an account of their choosing.
Finally, they’d withdraw the money from ATMs.
In one such attack, “a network of more than 400 mule subscriber accounts were used to quickly cash out stolen funds mostly done overnight via ATMs,” the report reads. Further investigation uncovered the mules had been recruited months in advance. “It was obvious that the attack was very sophisticated, organized, coordinated and planned over a long period of time.”
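As an added example (not code from the article or from Group-IB’s report), a simple detection that flags the pattern described above: many distinct accounts cashing out at ATMs during one overnight window. The transaction records, account ids, ATM ids and the threshold are constructed for illustration.

```python
# Added example: flag overnight ATM cash-out bursts spread across many accounts,
# the mule-network pattern the article attributes to OPERA1ER. All records,
# ids and thresholds below are constructed, not real bank data.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, account_id, amount, atm_id)
WITHDRAWALS = [
    ("2022-03-12 23:05", "ACC1001", 400, "ATM-07"),
    ("2022-03-12 23:09", "ACC1002", 400, "ATM-07"),
    ("2022-03-12 23:14", "ACC1003", 400, "ATM-12"),
    ("2022-03-13 00:31", "ACC1004", 400, "ATM-12"),
    ("2022-03-13 01:02", "ACC1005", 400, "ATM-03"),
    ("2022-03-13 14:10", "ACC2001", 150, "ATM-07"),  # daytime, ignored
    ("2022-03-14 23:40", "ACC3001", 200, "ATM-07"),  # lone overnight withdrawal
]


def overnight_key(ts: datetime):
    """Map a timestamp to the night it belongs to (22:00 to 06:00 window).
    Withdrawals after midnight are attributed to the previous calendar day,
    so one night's activity lands in one bucket. Daytime returns None."""
    if ts.hour >= 22:
        return ts.date().isoformat()
    if ts.hour < 6:
        return (ts.date() - timedelta(days=1)).isoformat()
    return None


def find_cashout_bursts(records, min_accounts=4):
    """Return {night: {accounts, atms, total}} for every night on which at
    least min_accounts distinct accounts withdrew cash in the overnight window.
    min_accounts is an assumed threshold; tune it to the institution's baseline."""
    nights = defaultdict(lambda: {"accounts": set(), "atms": set(), "total": 0})
    for ts_str, acct, amount, atm in records:
        night = overnight_key(datetime.strptime(ts_str, "%Y-%m-%d %H:%M"))
        if night is None:
            continue
        bucket = nights[night]
        bucket["accounts"].add(acct)
        bucket["atms"].add(atm)
        bucket["total"] += amount
    return {
        night: {"accounts": sorted(b["accounts"]), "atms": sorted(b["atms"]), "total": b["total"]}
        for night, b in nights.items()
        if len(b["accounts"]) >= min_accounts
    }


if __name__ == "__main__":
    for night, info in find_cashout_bursts(WITHDRAWALS).items():
        print(f"{night}: {len(info['accounts'])} accounts, {info['total']} via {info['atms']}")
```

In production the same grouping would run over the bank's real ATM transaction feed, joined with account-opening dates so that clusters of recently opened accounts score higher.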
The researchers also found that the group did not use any sophisticated, high-end malware. It was just off-the-shelf stuff, and anything else they could find for free on the dark web.
“With the basic ‘off-the-shelf’ toolkit OPERA1ER is confirmed to have stolen at least $11 million since 2019,” the report states. “But the actual amount is believed to be higher than $30 million as some of the compromised companies did not confirm the fact of money loss.”
The victim companies were located, among other places, in Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo and Argentina.
Via: The Register
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.