At least $11 million was stolen by the hacking group OPERA1ER from businesses in Argentina, Benin, Cameroon, Nigeria, and 11 other African nations.
This is supported by a recent paper from cybersecurity company Group-IB, “OPERA1ER: Playing God without Permission,” which was produced in association with Orange CERT Coordination Center researchers.
The company said that more than 30 successful intrusions of the gang between 2018 and 2022 were tracked by digital forensic artifacts that were examined by it and Orange.
Ivory Coast-based businesses were the most frequently attacked, according to the company’s data.
It said this helped it to trace affected organisations in Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo, and Argentina.
It added that while it estimated that the gang stole $11m, it could have actually stolen as high as $30m.
It stated, “The report takes a deep dive into financially motivated attacks of the prolific French-speaking threat actor, codenamed OPERA1ER.
“Despite relying solely on known ‘off-the-shelf’ tools, the gang managed to carry out more than 30 successful attacks against banks, financial services, and telecommunication companies mainly located in Africa between 2018 and 2022. OPERA1ER is confirmed to have stolen at least $11m, according to Group-IB’s estimates.
“One of OPERA1ER’s attacks involved a vast network of 400 mule accounts for fraudulent money withdrawals. Researchers from the Group-IB European Threat Intelligence Unit identified and reached out to 16 affected organizations so they could mitigate the threat and prevent further attacks by OPERA1ER.”
According to the firm, the report was completed in 2021 when the threat actor was active. Head of cyber threat research at Group-IB Europe, Rustam Mirkasymov, said, “Detailed analysis of the gang’s recent attacks revealed an interesting pattern in their modus operandi: OPERA1ER conducts attacks mainly during the weekends or public holidays.
“It correlates with the fact that they spend from 3 to 12 months from the initial access to money theft. It was established that the French-speaking hacker group could operate from Africa. The exact number of the gang members is unknown.”