Group-IB
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
#report #OPERA1ER

💸 OPERA1ER knocking on your door. The prolific French-speaking threat actor, codenamed OPERA1ER (aka Common Raven and DESKTOP-group) managed to carry out more than 30 successful attacks against banks, financial services, and telecommunication companies mainly located in Africa between 2018 and 2022. Many of the victims identified were successfully hit twice, and their infrastructure was then used to attack other organizations.

In collaboration with the researchers from Orange CERT Coordination Center, Group-IB is releasing a new report "OPERA1ER. Playing God without permission".

📍OPERA1ER traces its roots back to 2016. Between 2018 and 2022, the gang managed to steal at least $11 million, and the actual amount of damage could be as high as $30 million.

📍OPERA1ER has been seen targeting companies in 15 countries: Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo, and Argentina. Africa clearly remains their priority.

📍One of OPERA1ER’s attacks involved a vast network of 400 mule accounts for fraudulent money withdrawals.

Download Group-IB's new report "OPERA1ER. Playing God without permission" to get detailed information about the tactics, techniques, and procedures (TTPs), tools and kill chain of this gang.
#blog #OPERA1ER

Threat actors are constantly developing new TTPs and in August 2022, with the help of Przemyslaw Skowron, Group-IB identified some new servers used by OPERA1ER. The latest IOCs and OPERA1ER’s targets can be found in this blog post👈
#fraud #conference

Let’s stamp out digital fraud together!

Group-IB teamed up in late October with its partner Versos to host the first ever Fraud Day — Saudi Arabia in Riyadh! The event, organized in collaboration with the Saudi Banking Committee for Information Security (BCIS), brought together thought leaders and representatives from leading Saudi Arabian, Middle Eastern, and global financial institutions to discuss best practices to combat the growing threat of digital fraud.

More details👈
#scam #phishing

Group-IB uncovered a wide-scale scam campaign that saw malicious actors imitate a leading manpower provider in the Kingdom of Saudi Arabia. In total, Group-IB identified more than 1,000 rogue domains created by the scammers as part of this scheme.

📍The campaign was first observed in April 2021 and peaked in activity this past spring.

📍The malicious actors utilized multi-step social engineering techniques to steal users’ credentials for banks and online governmental service portals.

📍Scammers’ portfolio includes fake websites and social media pages that contain links to WhatsApp conversations.

📍During the WhatsApp conversations, the scammers send victims links to phishing websites, where they are tricked into entering their bank account credentials or government service portal logins under the pretext of a fake processing payment for sourcing domestic workers.

📍The scammers created scam pages emulating 11 leading regional banks to steal victims’ bank account details.

In line with Group-IB’s zero-tolerance policy to cybercrime, the Group-IB Computer Emergency Response Team (CERT-GIB) notified its fellow OIC-CERT member Saudi CERT (CERT-SA) of its findings to assist with subsequent steps to mitigate this scam campaign.

Read our new blog post to learn more about the scheme, and to get recommendations on how to avoid falling victim to phishing attacks. Click here👈
#conference #BHMEA22

It's a wrap for Black Hat MEA 2022! The event brought together global infosec experts for 3 amazing days of workshops, networking, and sharing first-hand knowledge on how to stay ahead of cybercriminals. The Group-IB team was beyond happy to meet friends, partners, vendors and cybersecurity experts at the venue.

The session by Ivan Pisarev, Group-IB's Head of Dynamic Malware Analysis Team, "The (Former) Conti Enterprise: The Underground's Booming IT Business", took a deep dive into the notorious ransomware gang. If you want to learn more about Conti, download Group-IB's report "Conti Armada: The ARMattack Campaign"👈

Thanks Black Hat MEA for such an outstanding cybersecurity event!
#stealers

👾Group-IB has identified 34 Russian-speaking groups that are distributing info-stealing malware under the stealer-as-a-service model.

The cybercriminals mainly use the Raccoon and RedLine stealers to obtain passwords for gaming accounts on Steam and Roblox, credentials for Amazon and PayPal, as well as users' payment records and crypto wallet information. In the first seven months of 2022, the gangs collectively infected over 890,000 user devices and stole over 50 million passwords. All the identified groups orchestrate their attacks through Russian-language Telegram groups, although they mainly target users in the United States, Brazil, India, Germany, and Indonesia.

By tracking the evolution of the popular scam scheme Classiscam, Group-IB Digital Risk Protection analysts revealed how some "workers" (low-rank online scammers) started shifting to a more dangerous criminal scheme that involves distributing info stealers. Moreover, the illicit business of stealers, which is coordinated via Telegram groups, uses exactly the same operational model as Classiscam.

According to Group-IB, stealers are one of the top threats to watch in the coming year. The threat actor responsible for the most recent attack on Uber purchased credentials that had been compromised with the Raccoon stealer.

Want to learn more? Click here👈
#INTERPOL #FightAgainstCybercrime

🤝 Group-IB has contributed to the INTERPOL-led Africa Cyber Surge Operation to combat cybercrime on the continent.

The Africa Cyber Surge Operation, a multinational cybercrime suppression operation focused on identifying cybercriminals and compromised infrastructure, was launched in July 2022. The operation’s strategic goal was to enhance cooperation between African law enforcement agencies to prevent, mitigate, investigate, and pursue threat actors.

Several key results of the operation included:

▪️the arrest of 10 individuals linked to scam and fraud activities worth $800,000;

▪️the takedown by the authorities in Eritrea of a darknet market that was selling hacking tools;

▪️action taken against more than 200,000 pieces of malicious infrastructure that was facilitating cybercrime across Africa.

For this operation Group-IB collected information about malicious and phishing network infrastructure hosted within member countries in Africa. Group-IB investigators leveraged the company’s sector-leading Threat Intelligence to produce a detailed report along with recommendations for the member countries.

“The Africa Cyber Surge Operation is another example of how cybersecurity is most effective when international law enforcement, individual nations, and private sector partners cooperate to share best practices and take a proactive approach to stamping out cybercrime. Group-IB is fully committed to its zero-tolerance policy to cybercrime, and our recent participation in the Africa Cyber Surge Operation underscores our desire to collaborate with our law enforcement partners and share best practices and information on the latest cyber threats,” Dmitry Volkov, CEO at Group-IB, said.

Click here for more details👈
#scam #phishing #FIFA

⚽️ Football lovers, beware. Group-IB has identified multiple scam and phishing attacks targeting users looking for tickets, official merchandise, and jobs at the FIFA World Cup 2022 in Qatar.

Ahead of the tournament, which kicked off on November 20, 2022, researchers from the Group-IB Digital Risk Protection team detected more than 16,000 scam domains, and dozens of fake social media accounts, advertisements, and mobile applications created by scammers aiming to capitalize on the huge global interest in the largest global football event. Group-IB’s sector-leading Threat Intelligence also helped to uncover more than 90 potentially compromised accounts on official FIFA World Cup 2022 fan portals.

⚽️ In one scheme, scammers created a fake merchandise website and placed more than 130 advertisements on social media marketplaces in an attempt to drive traffic to the site. The website offers branded t-shirts of the national teams participating in Qatar 2022, and users are asked to enter their bank card details or transfer money through the payment systems displayed on the fake site in order to purchase a shirt. In the end, the scammers either receive the money from the transaction or, in some cases, obtain the user's banking credentials.

⚽️ Scammers also targeted those looking to purchase tickets for the games. To make this discovery, Group-IB tracked 5 websites and more than 50 social media accounts registered no earlier than September 2022 containing mentions of “FIFA”, “World Cup” and “tickets.” On the phishing websites, users who have been tricked into thinking that they are purchasing official tickets are asked to enter their bank card details or transfer money through the payment gateway provided on the website. Scammers will either receive the funds from the transaction, or in some cases, they steal the bank card details of the user, who will not receive any tickets.

These are not the only schemes that Group-IB has discovered. Check out our website to learn more👈
#WhitePaper #ThreatIntelligence

Is your security strategy for 2023 ready? The number of cyber-attacks on organizations is increasing rapidly; the attacks are becoming more complex and causing a growing amount of damage. Information about threats and potential attack vectors enables organizations to introduce pre-emptive strategies to thwart attackers’ plans.

Frost & Sullivan, an international research consulting firm, recently released a white paper entitled “Threat Intelligence: Insights for Pre-emptive Strategies against Cyber Adversaries”. The document explains how to use threat intelligence to build a data-driven defense plan for your board and gain the upper hand against adversaries. Check out the white paper👈