• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Threat Actor “OPERA1ER” Steals Millions from Banks and Telcos

You are here: Home / General Cyber Security News / Threat Actor “OPERA1ER” Steals Millions from Banks and Telcos
November 3, 2022

Security specialists have uncovered a extended-jogging APT campaign by a French-talking threat team that has stolen at the very least $11m from banks and telcos around a four-12 months period of time.

Group-IB named the team “OPERA1ER,” while it has been earlier recognised by the monikers “DESKTOP-group” and “Common Raven.”

The danger intelligence company teamed up with the Orange CERT Coordination Middle to compile the report, OPERA1ER. Taking part in God without having authorization.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


It specific how the team employed off-the-shelf tooling to carry out at minimum 35 attacks on financial institutions, monetary solutions companies and telecommunications companies generally in Africa, Bangladesh and Argentina, in between 2018 and 2022.

“Detailed analysis of the gang’s latest attacks discovered an intriguing pattern in its modus operandi: OPERA1ER conducts attacks generally all through the weekends or community vacations,” reported Rustam Mirkasymov, head of cyber risk exploration at Group-IB Europe.

“It correlates with the actuality that it spends from three to 12 months from the original obtain to cash theft. It was set up that the French-speaking hacker team could function from Africa. The precise quantity of the gang users is unidentified.”

The team used freely accessible malware and pink-teaming frameworks like Metasploit and Cobalt Strike to accomplish its finishes.

Attacks start out with a hugely qualified spear-phishing email loaded with a booby-trapped attachment, which could be hiding a distant accessibility Trojan (RAT) like Netwire, bitrat, venomRAT, AgentTesla or Neutrino, as very well as password sniffers and dumpers.

This accessibility potential customers to exfiltration of emails and internal files that are then analyzed for use in future phishing attacks. Documents also aided the attackers to comprehend the elaborate electronic payments platform applied by the victim companies, in accordance to the report.

“The platform has a 3-tiered architecture of distinctive accounts to permit distinct kinds of functions. To compromise these units, OPERA1ER would involve precise understanding about important individuals associated in the method, security mechanisms in spot, and links concerning back again-conclusion platform operations and money withdrawals,” Group-IB said.

“The gang could have attained this awareness instantly from the insiders or them selves by bit by bit and cautiously inching their way into the specific units.”

Applying qualifications stolen from internal accounts, the hackers evidently transferred cash from “operator” accounts containing big sums of revenue, to “channel user” accounts and then to “subscriber” accounts under their regulate.

The team then cashed out the money by using ATMs – which includes one raid wherever they did so by way of a network of more than 400 subscriber accounts managed by money mules recruited months in progress.

In one particular case, the hackers managed to obtain a target banks’ SWIFT messaging interface application, though in yet another they hijacked an SMS server which could have been utilised to bypass anti-fraud mechanisms or income out revenue via payment or cellular banking units, according to the report.


Some pieces of this write-up are sourced from:
www.infosecurity-journal.com

Previous Post: «hackers using rogue versions of keepass and solarwinds software to Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT
Next Post: OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa opera1er apt hackers targeted dozens of financial organizations in africa»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar
  • Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
  • Post-Quantum Cryptography: Finally Real in Consumer Apps?
  • Microsoft’s AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
  • Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
  • Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
  • GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
  • China’s BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
  • The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
  • China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Copyright © TheCyberSecurity.News, All Rights Reserved.