According to a new report from Group-IB, at least 16 African banks, financial services companies, and telecommunications companies have been victimized by the French-speaking threat group OPERA1ER. The group has been responsible for at least $11 million in theft since 2018. Group-IB’s report covers the group’s activities since 2019. Publication was held until now because the group, which paused its activity in 2021, recently resurfaced; Group-IB confirms that the threat actor is operating again.
The security researchers reported that the group has conducted at least 30 successful breaches since 2018. Group-IB describes the group as sophisticated and coordinated, using more than 400 mule accounts to carry out fraudulent money withdrawals. The group does not rely on custom or advanced malware, however: its tooling is readily available from open sources and everyday red-team frameworks. OPERA1ER delivers remote access trojans via French-language phishing emails, and it tends to remain on victims’ networks for an extended period to gather as much information as possible.