This cybercrime group stole $30 million from banks and telecoms in a four-year crime spree


Several African banks, as well as a number of financial institutions and telecommunications operators in Asia and Latin America, have been victims of a highly sophisticated, well-planned heist campaign, which saw the crooks walk away with at least $30 million. 

Cybersecurity experts Group-IB discovered the robbery after being brought in to investigate suspicious cyber-activity.

Together with French telecom company Orange's CERT Coordination Center, Group-IB found that a French-speaking cybercrime group, dubbed OPERA1ER, had planned the whole operation over roughly four years and eventually carried out more than 30 heists.

Very sophisticated

As reported by The Register, the group first phished its way into these companies by planting malware, keyloggers, or password stealers. Once inside the networks, the attackers obtained admin-level credentials to the Windows domain controllers, as well as to back-end applications such as SWIFT. They then slowly moved customers' funds around until the money landed in accounts of their choosing.

Finally, they’d withdraw the money from ATMs. 

In one such attack, "a network of more than 400 mule subscriber accounts were used to quickly cash out stolen funds mostly done overnight via ATMs," the report reads. Further investigation uncovered the mules had been recruited months in advance. "It was obvious that the attack was very sophisticated, organized, coordinated and planned over a long period of time."

The researchers also found that the group did not use any sophisticated, high-end malware. It was just off-the-shelf stuff, and anything else they could find for free on the dark web. 

"With the basic 'off-the-shelf' toolkit OPERA1ER is confirmed to have stolen at least $11 million since 2019," the report states. "But the actual amount is believed to be higher than $30 million as some of the compromised companies did not confirm the fact of money loss."

The victim companies were located, among other places, in Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo and Argentina.

Via: The Register

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.