French speaking hackers steal at least $11M from banks
Cyberattacks have worked their way into every industry, and attackers have made a lot of money by holding confidential data hostage and demanding a ransom to restore access to it. Is there any way to reduce these kinds of attacks?
You can improve your online security by working with professionals, but it is hard for organizations to maintain that security layer across their networks, and when it slips they become the victims of such attacks. Have you heard of OPERA1ER?
Who is that, and what does it have to do with our case? Read on for the context and the findings.
OPERA1ER Cyber Attack
This adversary has carried out 30 attacks, and dozens of companies have borne $11 million in losses as a result.
Group-IB uncovered this French-speaking adversary, which is behind dozens of successful cyberattacks. Several sectors were hit, the main ones being banks, financial services, and telecommunications organizations in Africa.
Researchers’ Report Says
The group behind these incidents, OPERA1ER, has stolen more than $11M. That figure is only the researchers' estimate from confirmed cases; the true amount stolen is believed to be as high as $30M. The cybercriminals built a vast network to withdraw the stolen funds. For example, one attack involved 400 mule accounts to support fraudulent withdrawals.
The research found that OPERA1ER's attacks ran from 2018 through 2022. The victim organizations were located in the following countries:
- Ivory Coast
- Burkina Faso
- Sierra Leone
“Many of the victims identified were successfully attacked twice, and their infrastructure was then used to attack other organizations.”
“Because the gang relies solely on public tools, they have to think outside the box: in one incident […] OPERA1ER used an antivirus update server deployed in the infrastructure as a pivoting point,” researchers said.
According to the researchers' report, the main target list contained only companies that operate a three-tiered digital money platform. That is why the adversaries dug even deeper for information about their victims: to compromise those systems, they needed enough information about the organizations' key people and the work they were responsible for.
“The gang could have obtained this knowledge directly from the insiders or themselves by slowly and carefully inching their way into the targeted systems,” researchers said.
The adversaries used malware and hacking tools available on the dark web alongside red-teaming software, for example Cobalt Strike and Metasploit. They were in no rush: according to the report, the cybercriminals first stayed inside the victim's systems for between 3 months and a year, and only then moved on to the actual theft.
One technique for getting at a business's internal core was to collect all the documents from its systems so that they could later be used in phishing attacks. The group also studied how to withdraw the stolen funds without alerting the security team.
This attack shows that nobody on the internet is safe without adequate protection plans. To defend against such attacks, you need to understand how adversaries would make contact with you and what types of attacks they could use to threaten your survival. Learn, research, and grow!