A suspect believed to be a key member of the cybercrime group OPERA1ER has been detained by law enforcement. This group has been targeting mobile banking services and financial institutions through various cyber attack methods such as malware, phishing, and Business Email Compromise (BEC) campaigns.
Furthermore, over the past four years, they are suspected of having stolen between $11 million and $30 million in more than 30 attacks across 15 countries in Africa, Asia, and Latin America.
Additionally, the arrest of the suspect took place in Côte d’Ivoire as part of Operation Nervone, a joint law enforcement action involving AFRIPOL, Interpol’s Cybercrime Directorate, Group-IB, and Orange. The investigation received additional information from the Criminal Investigative Division of the United States Secret Service and cybersecurity researchers from Booz Allen Hamilton DarkLabs.
Interpol highlighted the growing threat of cybercrime in the West Africa region and emphasized their commitment to combating cyber threats through operations like Nervone.
Group-IB analysts and Orange’s CERT-CC department have been tracking OPERA1ER since 2019 and have linked the group to more than 35 successful attacks between 2018 and 2022. The cybercriminals primarily operate from Africa, relying on tools such as open-source solutions, common malware, and frameworks like Metasploit and Cobalt Strike.
Their attacks begin with spear-phishing emails exploiting popular subjects, leading to the deployment of various types of malware. OPERA1ER is known for maintaining access to compromised networks for several months, targeting operator accounts with significant funds and using stolen credentials to redirect the stolen money through subscriber accounts and an extensive network of ATMs.
The successful apprehension of the OPERA1ER suspect highlights the importance of collaboration between public and private sector entities in combating sophisticated cybercrime. The investigation required a coordinated effort, and the partnership between Interpol, Group-IB, Orange-CERT-CC, and other stakeholders played a crucial role in dismantling this cybercriminal network that targeted financial service companies and telecom providers worldwide.