At least 16 African banks, financial services, and telecommunication companies have been attacked by a French-speaking cyber criminal named OPERA1ER, which has stolen at least $11 million since 2018.
A new report by cyber security firm, Group-IB in collaboration with Orange CERT Coordination Center shows companies in Cote d’Ivoire were the most targeted.
The first says it’s been tracking OPERA1ER’s activities since 2019; however, they waited to publish its findings until the group resurfaced after a 2021 break. Now the gang is back in action, the analysts explain, allowing Group-IB to document their OPERA1ER TTPs from 20219, as well as the latest iteration in 2022.
The report titled, “OPERA1ER: Playing God without permission”, said digital forensic artefacts researchers analysed followed more than 30 successful intrusions of the OPERA1ER gang between 2018 and 2022.
The report located the affected organisations in Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo, and Argentina.
It disclosed the gang stole an estimated $11 million but the amount could be up to $30 million.
“The report takes a deep dive into financially motivated attacks of the prolific French-speaking threat actor, codenamed OPERA1ER,” the investigators said.
“Despite relying solely on known ‘off-the-shelf’ tools, the gang managed to carry out more than 30 successful attacks against banks, financial services, and telecommunication companies mainly located in Africa between 2018 and 2022.