This cybercrime group stole $30 million from banks and telecoms in a four-year crime spree
Several African banks, as well as a number of financial institutions and telecommunications operators in Asia and Latin America, have been victims of a highly sophisticated, well-planned heist campaign, which saw the crooks walk away with at least $30 million.
Cybersecurity experts Group-IB discovered the robbery after being brought in to investigate suspicious cyber-activity.
Together with French telecom company Orange’s CERT Coordination Center, it found that a French-speaking cybercrime group, dubbed OPERA1ER, planned the whole thing for roughly four years, and eventually initiated more than 30 heists.
As reported by The Register, the group first phished its way into these companies by landing malware, keyloggers, or password stealers. After gaining a foothold in these networks, they’d obtain admin-level credentials to Windows domain controllers on the networks, as well as to back-end applications such as SWIFT. Then, they’d slowly move people’s funds around until the money landed in the account of their choosing.
Finally, they’d withdraw the money from ATMs.
In one such attack, “a network of more than 400 mule subscriber accounts were used to quickly cash out stolen funds mostly done overnight via ATMs,” the report reads. Further investigation uncovered the mules had been recruited months in advance. “It was obvious that the attack was very sophisticated, organized, coordinated and planned over a long period of time.”
The researchers also found that the group did not use any sophisticated, high-end malware. It was just off-the-shelf stuff, and anything else they could find for free on the dark web.
“With the basic ‘off-the-shelf’ toolkit OPERA1ER is confirmed to have stolen at least $11 million since 2019,” the report states. “But the actual amount is believed to be higher than $30 million as some of the compromised companies did not confirm the fact of money loss.”
The victim companies were located, among other places, in Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo and Argentina.
Via: The Register