
Global fight against cybercrime: OPERA1ER tower fell

French-speaking criminal organization loses its leader: Interpol announces high-profile arrest in international operation code-named "Nervone"

A senior member of the French-speaking hacker group OPERA1ER has been detained in an international operation, Nervone, initiated by Interpol. The group is suspected of more than 30 attacks across 15 countries and of stealing approximately $11-30 million. Its signature spear-phishing techniques, which involved fake notifications and job offers, were used to gain access to the internal payment systems of victim organizations.


Interpol has announced the arrest of an alleged senior member of a French-speaking hacker group known as OPERA1ER. This action is part of a wider international law enforcement operation, called Nervone. The group is estimated to have embezzled $11 million, though the figure could be as high as $30 million, through more than 30 attacks in 15 countries across Africa, Asia and Latin America.

The arrest in the Ivory Coast and sources of information

The arrest was made by authorities in Côte d'Ivoire early last month. Further details were provided by the Criminal Investigation Division of the US Secret Service and Booz Allen Hamilton DarkLabs. Also known as Common Raven, DESKTOP-GROUP, and NXSMS, this financially motivated criminal organization was first exposed by Group-IB and the Orange CERT Coordination Center (Orange-CERT-CC) in November 2022.

The modus operandi of OPERA1ER

Between March 2018 and October 2022, OPERA1ER carried out numerous intrusions into banks, financial services and telecommunications companies. In January, Broadcom's Symantec disclosed a set of attacks targeting the financial sector in French-speaking countries in Africa between July and September 2022. The firm has seen a degree of overlap between the activity it tracks as Bluebottle and OPERA1ER. The group's attack chains made extensive use of spear-phishing, which kicked off a series of events culminating in the deployment of post-exploitation tools such as Cobalt Strike and Metasploit, along with commercial remote access trojans. These tools offer several features for stealing sensitive data.

Continuous access and deception techniques

OPERA1ER has been shown to maintain access to compromised networks for anywhere from three to twelve months, sometimes attacking the same company multiple times. Group-IB reported that most of the messages sent by the group were written in French and posed as tax notifications or job offers. Through this deception, OPERA1ER managed to gain access to the internal payment systems used by the affected organizations, using this access to withdraw funds.


07/06/2023 13:38

Marco Verro
