
International Police Arrest Head of Opera1er Cybercrime Gang

Authorities Say French-Speaking Gang Stole $30M From Financial Firms in 15 Nations

International law enforcement agencies say they arrested the mastermind of a French-speaking cybercriminal syndicate dubbed Opera1er for carrying out more than 30 successful attacks against financial institutions, banks, mobile banking services and telecommunications companies.


The group is accused of stealing an estimated $30 million in a variety of scams including malware, phishing and business email compromise.

Interpol led the operation, called Nervone, with support from the African Joint Operation against Cybercrime, AFRIPOL, the Direction de L'information et des Traces Technologiques, Group-IB and the Orange CERT Coordination Center.

Group-IB first identified the Opera1er group in 2018 and noticed the group preferred to hit victims on weekends or during public holidays. Group-IB's intelligence helped uncover the identity and potential location of the unnamed kingpin, detained in early June in Abidjan, Côte d'Ivoire, Mali.

Group-IB said the gang is also known as Desktop-Group and NXSMS, and in 2020 the Society for Worldwide Interbank Financial Telecommunication - aka SWIFT - dubbed it Common Raven.

Victims included financial services firms and telecommunications companies in Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo and Argentina, and the attacks occurred between March 2018 and October 2022.

The group used off-the-shelf, open-source programs, freely available malware and popular red-teaming frameworks, such as Metasploit and Cobalt Strike.

The group's attack chains start with spear-phishing lures that trigger a sequence of actions culminating in the use of post-exploitation tools. "Most of the messages were written in French, and mimicked fake tax office notifications or hiring offers," Group-IB said.

About the Author

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.
