Bluebottle Cybercrime Group Preys on Financial Sector in French-Speaking African Nations

January 5, 2023

A cybercrime group dubbed Bluebottle has been linked to a set of targeted attacks against the financial sector in Francophone countries in Africa from at least July 2022 to September 2022.

"The group makes extensive use of living-off-the-land, dual-use tools, and commodity malware, with no custom malware deployed in this campaign," Symantec, a division of Broadcom Software, said in a report shared with The Hacker News.

The cybersecurity company said the activity overlaps with a threat cluster tracked by Group-IB under the name OPERA1ER, which has carried out dozens of attacks aimed at banks, financial services, and telecom companies in Africa, Asia, and Latin America between 2018 and 2022.


The attribution stems from similarities in the toolset used, the attack infrastructure, the absence of bespoke malware, and the targeting of French-speaking nations in Africa. Three different unnamed financial institutions in three African countries were breached, although it is not known whether Bluebottle successfully monetized the attacks.

The financially motivated adversary, also known by the name DESKTOP-Group, has been responsible for a string of heists totaling $11 million, with actual damages reaching $30 million.

The latest attacks illustrate the group's evolving tactics, such as using an off-the-shelf malware named GuLoader in the early stages of the infection chain as well as weaponizing kernel drivers to disable security defenses.

Symantec said it could not determine the initial intrusion vector, although it found job-themed documents on the victim networks, suggesting that employment-related phishing lures were likely used to trick the targets into opening malicious email attachments.

What's more, an attack detected in mid-May 2022 involved the delivery of an information-stealer malware in the form of a ZIP file containing an executable screen saver (.SCR) file. Also observed in July 2022 was the use of an optical disc image (.ISO) file, which has been used by many a threat actor as a means of distributing malware.

"If the Bluebottle and OPERA1ER actors are indeed one and the same, this would mean that they swapped out their infection tactics between May and July 2022," the researchers noted.

The spear-phishing attachments lead to the deployment of GuLoader, which subsequently acts as a conduit to drop additional payloads on the machine, such as Netwire, Quasar RAT, and Cobalt Strike Beacon. Lateral movement is facilitated through tools like PsExec and SharpHound.

Another technique adopted by the group is the use of signed drivers to terminate security software, a method that has been used by multiple hacking crews for similar purposes, according to findings from Mandiant, SentinelOne, and Sophos last month.

With the threat actors suspected to be French-speaking, it is likely that the attacks could expand to other French-speaking countries across the world, the company cautioned.

"The effectiveness of its campaigns means that Bluebottle is unlikely to stop this activity," the researchers said. "It appears to be quite focused on Francophone nations in Africa, so financial institutions in these countries should remain on high alert."


Some areas of this article are sourced from:
thehackernews.com