Security News > 2023 > January > Bluebottle Cybercrime Group Preys on Financial Sector in French-Speaking African Nations

Bluebottle Cybercrime Group Preys on Financial Sector in French-Speaking African Nations
2023-01-05 12:34

A cybercrime group dubbed Bluebottle has been linked to a set of targeted attacks against the financial sector in Francophone countries located in Africa from at least July 2022 to September 2022.

"The group makes extensive use of living-off-the-land, dual use tools, and commodity malware, with no custom malware deployed in this campaign," Symantec, a division of Broadcom Software, said in a report shared with The Hacker News.

The cybersecurity firm said the activity shares overlaps with a threat cluster tracked by Group-IB under the name OPERA1ER, which has carried out dozens of attacks aimed at banks, financial services, and telecom companies in Africa, Asia, and Latin America between 2018 and 2022.

The attribution stems from similarities in the toolset used, the attack infrastructure, the absence of bespoke malware, and the targeting of French-speaking nations in Africa.

Three different unnamed financial institutions in three African nations were breached, although it's not known whether Bluebottle successfully monetized the attacks.

With the threat actors suspected to be French-speaking, it's likely that the attacks could expand to other French-speaking nations across the world, the company cautioned.


News URL

https://thehackernews.com/2023/01/bluebottle-cybercrime-group-preys-on.html