Interpol Arrests the Leader of OPERA1ER Cybercrime Group
In a major breakthrough, Interpol announced the arrest of a suspected senior member believed to be the leader of the notorious cybercrime group known as OPERA1ER. The arrest resulted from a successful joint operation named Nervone, involving Interpol, AFRIPOL, Group-IB, and Côte d’Ivoire’s Direction de l'Information et des Traces Technologiques (DITT).
Over the past four years, OPERA1ER (also known by aliases such as NX$M$, DESKTOP Group, and Common Raven) has wreaked havoc on financial institutions and mobile banking services. Their sophisticated tactics include employing malware, phishing campaigns, and large-scale Business Email Compromise (BEC) scams, resulting in estimated losses of up to $30 million across 15 countries in Africa, Asia, and Latin America.
The group's activities were brought to light in a comprehensive report published by cybersecurity firm Group-IB and telecom carrier Orange S.A. in November 2022. These companies collaborated with Interpol's Cybercrime Directorate, the US Secret Service’s Criminal Investigative Division, and Booz Allen Hamilton DarkLabs cybersecurity researchers to gather crucial intelligence and narrow down the probable location of the group.
OPERA1ER members primarily communicate in French and are suspected of operating from Africa. They employ a variety of tools in their attacks, including open-source solutions, common malware, and frameworks like Metasploit and Cobalt Strike.
To gain initial access to their targets' networks, they use spear-phishing emails. These emails exploit popular subjects such as invoices or postal delivery notifications, enticing recipients to open them. Once an email is opened, a diverse range of first-stage malware is deployed.
On July 5, Interpol said, "According to the INTERPOL’s 2022 African Cyberthreat Assessment Report, cybercrime is a growing threat in the West Africa region, with victims located worldwide. Operation NERVONE underscores INTERPOL's commitment to proactively combat the threat of cybercrime in the region."