OPERA1ER hackers steal over $11 million from banks and telcos
2022-11-03 15:14

A threat group that researchers call OPERA1ER has stolen at least $11 million from banks and telecommunication service providers in Africa using off-the-shelf hacking tools.

Analysts at Group-IB, working with Orange's CERT-CC team, have tracked OPERA1ER since 2019 and observed that the group changed its tactics, techniques, and procedures last year.

OPERA1ER relies on open-source tools, commodity malware, and frameworks like Metasploit and Cobalt Strike to compromise company servers.

According to the researchers, OPERA1ER can dwell inside a compromised network for anywhere between three and twelve months, and in some cases the group has attacked the same company twice.

Using stolen credentials, OPERA1ER accesses email accounts and sends lateral phishing to colleagues, studies internal documentation to understand money-transfer procedures and the controls around them, and carefully plans the final cash-out step.

In a report published today, Group-IB explains that the gang withdraws the stolen money through a network of ATMs: "In one case studied by the researchers, a network of more than 400 subscriber accounts controlled by money mules hired by OPERA1ER was used to enable the cashing out of the stolen funds, mostly done overnight via ATMs" - Group-IB. The cash-out usually took place on a holiday or over a weekend, to minimize the chance of the compromised organization responding to the situation in time.
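The timing pattern described above (many mule accounts pulling cash from ATMs overnight, at weekends or on holidays) is something a bank's or telco's fraud team can alert on without attribution data. The following is an added example, not code from Group-IB, Orange or the BleepingComputer article: it runs a simple sliding-window detector over a constructed set of ATM withdrawal records and flags any off-hours window in which an unusually large number of distinct accounts cash out. The window length, the minimum account count, the night-time hours and the holiday calendar are all assumed thresholds that a real deployment would tune to its own baseline.

```python
from datetime import datetime, timedelta

# Constructed sample ATM withdrawals (timestamp, account_id, amount). Not real data.
# 2022-10-27 is a Thursday, 2022-10-29 a Saturday, 2022-10-31 a Monday.
SAMPLE_WITHDRAWALS = [
    ("2022-10-27 10:15", "ACC-1001", 120.0),   # ordinary weekday daytime activity
    ("2022-10-27 12:40", "ACC-1002", 80.0),
    ("2022-10-27 23:30", "ACC-1003", 60.0),    # lone overnight withdrawal, not a burst
    ("2022-10-29 01:05", "MULE-01", 500.0),    # six mule accounts, Saturday small hours
    ("2022-10-29 01:20", "MULE-02", 500.0),
    ("2022-10-29 01:45", "MULE-03", 500.0),
    ("2022-10-29 02:10", "MULE-04", 500.0),
    ("2022-10-29 02:30", "MULE-05", 500.0),
    ("2022-10-29 02:55", "MULE-06", 500.0),
    ("2022-10-29 03:10", "MULE-01", 500.0),    # same mule account, second pull
    ("2022-10-31 09:00", "ACC-1004", 40.0),    # Monday morning, ordinary
]

# Assumed holiday calendar; a real deployment would load the local one.
HOLIDAYS = {datetime(2022, 12, 25).date(), datetime(2023, 1, 1).date()}


def is_off_hours(ts, holidays=HOLIDAYS, night_start=22, night_end=6):
    """True for weekends, holidays, or the overnight window [night_start, night_end).

    These are the periods the report says the mules favoured, when response
    teams are least likely to be watching. Hour bounds are assumed values.
    """
    if ts.date() in holidays or ts.weekday() >= 5:  # 5 = Saturday, 6 = Sunday
        return True
    return ts.hour >= night_start or ts.hour < night_end


def find_cashout_bursts(withdrawals, window=timedelta(hours=6), min_accounts=5):
    """Flag off-hours windows in which many distinct accounts withdraw cash.

    Sorts the records, keeps only off-hours events, then slides a window of
    `window` length from each event and reports the cluster when at least
    `min_accounts` different accounts appear in it. After a report the scan
    skips past the cluster so one burst is reported once.
    """
    events = sorted(
        (datetime.strptime(ts, "%Y-%m-%d %H:%M"), acct, amt)
        for ts, acct, amt in withdrawals
    )
    off_hours = [e for e in events if is_off_hours(e[0])]

    bursts = []
    i = 0
    while i < len(off_hours):
        j = i
        while j + 1 < len(off_hours) and off_hours[j + 1][0] - off_hours[i][0] <= window:
            j += 1
        cluster = off_hours[i:j + 1]
        accounts = {acct for _, acct, _ in cluster}
        if len(accounts) >= min_accounts:
            bursts.append({
                "start": cluster[0][0],
                "end": cluster[-1][0],
                "accounts": sorted(accounts),
                "withdrawals": len(cluster),
                "total": sum(amt for _, _, amt in cluster),
            })
            i = j + 1          # do not re-report a sub-window of this burst
        else:
            i += 1
    return bursts


if __name__ == "__main__":
    for b in find_cashout_bursts(SAMPLE_WITHDRAWALS):
        print(f"{b['start']:%Y-%m-%d %H:%M} to {b['end']:%H:%M}: "
              f"{len(b['accounts'])} accounts, {b['withdrawals']} withdrawals, "
              f"total {b['total']:.2f}")
```

On the sample data the detector reports one burst, the seven Saturday-night withdrawals from the six MULE accounts, and ignores the lone Thursday-night withdrawal. In practice this signal is only a starting point: the mule accounts in the case Group-IB describes were subscriber accounts under the attackers' control, so correlating each flagged account with its creation date and with the transfers that funded it, rather than looking at ATM activity alone, is what separates a genuine cash-out from a busy night.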


News URL

https://www.bleepingcomputer.com/news/security/opera1er-hackers-steal-over-11-million-from-banks-and-telcos/