
Global fight against cybercrime: OPERA1ER tower fell

French criminal organization loses its leader: Interpol announces high-profile arrest in international operation codenamed "Nervone"

French-speaking hacker group OPERA1ER's senior member has been detained in an international operation, Nervone, initiated by Interpol. Suspected to have committed over 30 attacks across 15 countries, the group pilfered approximately $11-30 million. The operation tracked their signature spear-phishing techniques, which involved fake notifications and job offers, to gain access to internal payment systems of the victim organizations.


Interpol has announced the arrest of an alleged senior member of a French-speaking hacker group known as OPERA1ER. This action is part of a wider international law enforcement operation, called Nervone. The group is estimated to have embezzled $11 million, though the figure could be as high as $30 million, through more than 30 attacks in 15 countries across Africa, Asia and Latin America.

The arrest in the Ivory Coast and sources of information

The arrest was made by authorities in Côte d'Ivoire early last month. Further details were provided by the Criminal Investigation Division of the US Secret Service and Booz Allen Hamilton DarkLabs. Also known as Common Raven, DESKTOP-GROUP, and NXSMS, this financially motivated criminal organization was initially exposed by Group-IB and the Orange CERT Coordination Center (Orange-CERT-CC) in November 2022.

The modus operandi of OPERA1ER

Between March 2018 and October 2022, OPERA1ER carried out numerous intrusions into banks, financial services and telecommunications companies. In January, Broadcom's Symantec disclosed a set of attacks targeting the financial sector in French-speaking countries in Africa between July and September 2022. The firm noted a degree of overlap between the activity it tracks as Bluebottle and OPERA1ER. The group's attack chains made extensive use of spear-phishing, which kicked off a series of events culminating in the deployment of post-exploitation tools such as Cobalt Strike and Metasploit, and commercial remote access trojans. These tools offer several features for stealing sensitive data.

Continuous access and deception techniques

OPERA1ER has been shown to maintain access to compromised networks for anywhere from three to twelve months, sometimes attacking the same company multiple times. Group-IB reported that most of the messages sent by the group were written in French and imitated tax notifications or job offers. Through this deception, OPERA1ER managed to gain access to the internal payment systems used by the affected organizations and used that access to withdraw funds.


07/06/2023 13:38

Editorial AI
