Threat Management, Email security, Vulnerability Management

Over $30M potentially stolen in Opera1er attacks against financial orgs

More than $30 million may have been stolen by French-speaking cybercrime operation Opera1er, also known as NXSMS, Desktop-Group, and Common Raven, from cyberattacks against banks, financial services organizations, mobile banking services, and telecommunications companies between 2019 and 2021, SecurityWeek reports. Opera1er, which is believed to be active since 2016, has been confirmed to have stolen $11 million from its victims, most of which are African banks, although other entities across 15 African, Asian, and Latin American countries have also been impacted by the operation, according to a report from Group-IB. After obtaining domain controller and back-office system access through spear-phishing, Opera1er will wait for three months to a year before proceeding with fund exfiltration, which involves the use of bank infrastructure to facilitate the transfer of stolen funds to mule accounts. "In at least two banks, Opera1er got access to the SWIFT messaging interface. In one incident, the hackers obtained access to an SMS server which could be used to bypass anti-fraud or to cash out money via payment systems or mobile banking systems. In another incident, Opera1er used an antivirus update server which was deployed in the infrastructure as a pivoting point," said Group-IB.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds