
INTERPOL busts OPERA1ER’s leader responsible for $11 million cybercrime spree

Exclusive details have been obtained regarding the recent arrest of a high-ranking member of the notorious hacking crew known as OPERA1ER. The operation, code-named Nervone, conducted by Interpol, successfully apprehended the group’s leader, who is believed to be responsible for orchestrating an elaborate cybercrime spree resulting in the theft of approximately $11 million. The international hacking collective, primarily operating in French-speaking countries, has been implicated in over 30 attacks across 15 nations in Africa, Asia, and Latin America.

The arrest, which took place early last month, was carried out by authorities in Côte d’Ivoire, marking a significant breakthrough in the ongoing battle against cybercriminals. Assisting in the operation were the U.S. Secret Service’s Criminal Investigative Division and renowned cybersecurity firm Booz Allen Hamilton DarkLabs, providing crucial insights and support to the investigation.

OPERA1ER, also known by their aliases Common Raven, DESKTOP-GROUP, and NX$M$, has long been a subject of interest for cybersecurity experts. In November 2022, their activities were first exposed by Group-IB and Orange CERT Coordination Center (Orange-CERT-CC), shedding light on their extensive intrusions targeting banks, financial services, and telecom companies. The period between March 2018 and October 2022 witnessed a series of attacks orchestrated by OPERA1ER, primarily aimed at compromising sensitive financial systems.

Earlier this year, Broadcom’s Symantec detected a related set of targeted attacks against the financial sector in Francophone African countries, referred to as Bluebottle. These attacks exhibited striking similarities to the tactics employed by OPERA1ER, suggesting a potential connection between the two cybercriminal groups.

OPERA1ER’s attack methodology relied heavily on spear-phishing techniques, employing fraudulent messages written in French to deceive victims. These messages often masqueraded as fake tax office notifications or enticing job offers, tricking individuals into divulging sensitive information. Once inside a targeted network, the group employed sophisticated post-exploitation tools such as Cobalt Strike and Metasploit, along with off-the-shelf remote access trojans, to gain further access and extract valuable data. Notably, OPERA1ER maintained persistent access to compromised networks for extended periods, ranging from three to twelve months, occasionally revisiting the same organization multiple times.

The successful arrest of the group’s leader marks a significant victory in the global fight against cybercrime. Interpol, in collaboration with various international agencies and cybersecurity firms, continues to prioritize the identification and dismantling of cybercriminal networks like OPERA1ER to ensure the safety and security of individuals and organizations worldwide.
