INTERPOL Nabs Hacking Crew OPERA1ER’s Leader Behind $11 Million Cybercrime

INTERPOL Nabs Hacking Crew OPERA1ER’s Leader Behind $11 Million Cybercrime

A suspected senior member of a French-speaking hacking crew known as OPERA1ER has been arrested as part of an international law enforcement operation codenamed Nervone, Interpol has announced.

“The group is believed to have stolen an estimated USD 11 million — potentially as much as 30 million — in more than 30 attacks across 15 countries in Africa, Asia, and Latin America,” the agency said.

The financially motivated collective is also known by the aliases Common Raven, DESKTOP-GROUP, and NX$M$. Its modus operandi was first exposed by Group-IB and Orange CERT Coordination Center (Orange-CERT-CC) in November 2022, detailing its intrusions on banks, financial services, and telecom companies between March 2018 and October 2022.

Earlier this January, Broadcom’s Symantec said it uncovered a set of targeted attacks against the financial sector in Francophone countries located in Africa from at least July 2022 to September 2022. The company said the activity, which it tracks as Bluebottle, has a degree of crossover with OPERA1ER.

Hacking Crew

OPERA1ER has also been observed maintaining access to compromised networks for a period ranging anywhere from three to twelve months, occasionally targeting the same company several times.

“Most of the messages were written in French, and mimicked fake tax office notifications or hiring offers,” Group-IB said. “OPERA1ER was able to get access to internal payment systems used by the affected organizations, and leveraged this to withdraw funds.”