The OPERA1ER group: a criminal network of enterprising hackers


    The OPERA1ER gang stole at least $11 million from banks and telecommunications providers in Africa using off-the-shelf hacking tools, according to a new report by Group-IB researchers.

    Between 2018 and 2022, the hackers carried out more than 35 successful attacks, about 30% of which took place in 2020. Group-IB analysts have been tracking the OPERA1ER APT group since 2019 and noticed that in 2021 the group changed its tactics, techniques and procedures (TTPs).

    The group of hackers is made up of French-speaking members who are believed to be operating from Africa. In addition to African companies, the group also attacked organizations in Argentina, Paraguay and Bangladesh.

    To compromise victims' servers, OPERA1ER uses open source tools, commodity malware, and frameworks such as Metasploit and Cobalt Strike.

    In the campaigns that were detected, OPERA1ER uses phishing emails written in French. In most cases, the messages masquerade as the tax office or the Human Resources Department of the Central Bank of West African States (BCEAO).

    Email attachments deliver a variety of malware, including:

    • BitRAT;
    • Agent Tesla;
    • Remcos;
    • Neutrino.

    Group-IB also reports that the hackers deployed sniffers and password-guessing tools.

    According to the researchers, OPERA1ER can remain inside compromised networks for 3 to 12 months, and sometimes attacks the same company twice. The experts also noted that the hackers can use the compromised infrastructure as a pivot point for other purposes.

    Using stolen credentials, OPERA1ER accesses mail accounts and performs lateral phishing from them, then studies internal documentation to understand money transfer procedures and protection mechanisms. Ultimately, the cybercriminals steal funds unnoticed.

    The hackers target the accounts of operators who control large sums of money and use stolen credentials to transfer funds to the accounts of Telegram channel subscribers under the control of cybercriminals.

    According to Group-IB, attackers withdraw cash through a network of ATMs. In one case, a network of over 400 subscriber accounts controlled by hired money mules was used to cash out stolen funds, mostly through ATMs.

    Typically, cashouts were carried out on a holiday or weekend to minimize the chance that the compromised organizations would respond in time.
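    The transfer pattern described above (an operator account suddenly paying out to many previously unseen beneficiary accounts, timed for a weekend or holiday when the fraud desk is unstaffed) is something a bank's monitoring can look for. The following is an added illustration, not code from the original article or from the Group-IB report: a small rule set run over a constructed transfer log. The holiday list, business-hours window, thresholds and every sample transfer are assumptions made for the example.

```python
"""Detection heuristics for the fund-transfer pattern attributed to OPERA1ER:
operator accounts fanning out to new beneficiaries, timed for off-hours.
Added illustration; sample transfers, holiday and thresholds are constructed."""
from collections import defaultdict
from datetime import date, datetime

# Constructed: a hypothetical bank holiday on which the fraud desk is unstaffed.
HOLIDAYS = {date(2020, 8, 7)}
# Assumed "normal" operator working window: 08:00 to 17:59 local time.
BUSINESS_HOURS = range(8, 18)

# Constructed sample of outbound transfers: (operator, beneficiary, amount, ISO timestamp)
TRANSFERS = [
    ("op_alice", "ben_1001", 1_200.0, "2020-08-04T10:15:00"),   # Tuesday, business hours
    ("op_alice", "ben_1001", 900.0,   "2020-08-05T11:40:00"),
    ("op_bob",   "ben_2001", 450.0,   "2020-08-05T14:05:00"),
    # Saturday night: one operator pays five never-seen beneficiaries within minutes
    ("op_bob",   "ben_9001", 1_950.0, "2020-08-08T23:10:00"),
    ("op_bob",   "ben_9002", 1_950.0, "2020-08-08T23:11:00"),
    ("op_bob",   "ben_9003", 1_950.0, "2020-08-08T23:12:00"),
    ("op_bob",   "ben_9004", 1_950.0, "2020-08-08T23:13:00"),
    ("op_bob",   "ben_9005", 1_950.0, "2020-08-08T23:14:00"),
    # holiday daytime, but a beneficiary already known: no alert on its own
    ("op_alice", "ben_1001", 800.0,   "2020-08-07T09:30:00"),
]


def off_hours(ts: datetime) -> bool:
    """True when a transfer lands at a time the fraud desk is unlikely to be watching."""
    return ts.weekday() >= 5 or ts.date() in HOLIDAYS or ts.hour not in BUSINESS_HOURS


def analyse(transfers, fanout_threshold=4, window_minutes=60):
    """Return a list of alerts.

    Rule 1: a transfer to a first-seen beneficiary initiated off-hours.
    Rule 2: one operator sending to >= fanout_threshold first-seen beneficiaries
            inside a sliding window (the mule-network payout pattern).
    Transfers are processed in timestamp order so "first seen" is well defined.
    """
    alerts = []
    seen_beneficiaries = set()
    # operator -> timestamps of recent transfers to first-seen beneficiaries
    new_by_operator = defaultdict(list)

    for operator, beneficiary, amount, raw_ts in sorted(transfers, key=lambda t: t[3]):
        ts = datetime.fromisoformat(raw_ts)
        is_new = beneficiary not in seen_beneficiaries
        seen_beneficiaries.add(beneficiary)

        if is_new and off_hours(ts):
            alerts.append(("off_hours_new_beneficiary", operator, beneficiary, amount))

        if is_new:
            recent = [t for t in new_by_operator[operator]
                      if (ts - t).total_seconds() <= window_minutes * 60]
            recent.append(ts)
            new_by_operator[operator] = recent
            # fire once, at the moment the threshold is crossed
            if len(recent) == fanout_threshold:
                alerts.append(("beneficiary_fanout", operator, len(recent), window_minutes))
    return alerts


if __name__ == "__main__":
    for alert in analyse(TRANSFERS):
        print(alert)
```

    In practice the beneficiary history would come from months of prior transactions rather than from the same batch, and the holiday calendar from the institution's own; the point of the two rules is that neither the timing nor the fan-out is suspicious alone, but an operator paying a cluster of brand-new accounts on a Saturday night is exactly the signature the report describes.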

    At the victim banks, OPERA1ER compromised the SWIFT system, which transmits all the details of financial transactions, and extracted key information about the fraud-protection systems the hackers needed to bypass.

    Author DeepWeb