Over the last four years, a highly-organized criminal organization has targeted financial institutions and mobile banking services with malware, phishing campaigns and large-scale Business Email Compromise (BEC) scams.
Known as OPERA1ER, with aliases such as NX$M$, DESKTOP Group and Common Raven, the group is believed to have stolen an estimated $11 million – potentially as much as $30 million – in more than 30 attacks across 15 countries in Africa, Asia and Latin America.
A detailed overview of OPERA1ER’s methods was published by Group-IB and Orange S.A. in November 2022. Following extensive cooperation, INTERPOL, AFRIPOL, Group-IB and Côte d’Ivoire’s Direction de l’Information et des Traces Technologiques (DITT) are announcing the arrest of a suspected senior member of the group, dealing a significant blow to their criminal activities.
The group’s illicit e-mail campaigns were first detected by Group-IB in 2018, when they recognized spear phishing operations responsible for spreading malware such as remote access tools.
Under the auspices of Operation Nervone, INTERPOL’s Cybercrime Directorate, Group-IB, and third-party stakeholder Orange exchanged intelligence which helped track the group’s behaviors and identify a probable location for their activities.
Additional information was provided by the United States Secret Service’s Criminal Investigative Division and Booz Allen Hamilton DarkLabs cybersecurity researchers, confirming a number of leads.
In early June, authorities in Côte d’Ivoire were able to arrest a key suspect linked to attacks against financial institutions across Africa.
According to INTERPOL’s 2022 African Cyberthreat Assessment Report, cybercrime is a growing threat in the West Africa region, with victims located worldwide. Operation NERVONE underscores INTERPOL’s commitment to proactively combat the threat of cybercrime in the region.
Operation Nervone was backed by two key INTERPOL initiatives: the African Joint Operation against Cybercrime and the INTERPOL Support Programme for the African Union in relation to AFRIPOL, funded by the United Kingdom’s Foreign, Commonwealth & Development Office and Germany’s Federal Foreign Office, respectively.
