A gang of hackers, OPERA1ER, stole at least $11m from companies in Nigeria, Benin, Cameroon, 11 other African countries, and Argentina.
This is according to a new report from Group-IB, a cybersecurity firm, entitled, “OPERA1ER: Playing God without permission,” in collaboration with the researchers from Orange CERT Coordination Center.
The firm disclosed that digital forensic artifacts analysed by it and Orange followed more than 30 successful intrusions of the gang between 2018 and 2022.
The company’s data revealed that companies in Ivory Coast were the most targeted.
It said this helped it to trace affected organisations in Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo, and Argentina.
It added that while it estimated that the gang stole $11m, it could have actually stolen as high as $30m.
It stated, “The report takes a deep dive into financially motivated attacks of the prolific French-speaking threat actor, codenamed OPERA1ER.
“Despite relying solely on known ‘off-the-shelf’ tools, the gang managed to carry out more than 30 successful attacks against banks, financial services, and telecommunication companies mainly located in Africa between 2018 and 2022. OPERA1ER is confirmed to have stolen at least $11m, according to Group-IB’s estimates.
“One of OPERA1ER’s attacks involved a vast network of 400 mule accounts for fraudulent money withdrawals. Researchers from the Group-IB European Threat Intelligence Unit identified and reached out to 16 affected organizations so they could mitigate the threat and prevent further attacks by OPERA1ER.”
According to the firm, the report was completed in 2021 when the threat actor was active. Head of cyber threat research at Group-IB Europe, Rustam Mirkasymov, said, “Detailed analysis of the gang’s recent attacks revealed an interesting pattern in their modus operandi: OPERA1ER conducts attacks mainly during the weekends or public holidays.
“It correlates with the fact that they spend from 3 to 12 months from the initial access to money theft. It was established that the French-speaking hacker group could operate from Africa. The exact number of the gang members is unknown.”