In 2019, Group-IB Threat Intelligence team detected a series of targeted attacks on financial organizations in Africa. Later in 2020, our professionals in collaboration with Orange, managed to piece together the seemingly disparate attacks into a single timeline and successfully attribute them to the threat actor codenamed OPERA1ER (also known as DESKTOP-GROUP, Common Raven, NXSMS).
In 2021, together with Orange CERT-CC, Group-IB got an idea to release a comprehensive report (now known as “OPERA1ER. Playing God without permission”) which would thoroughly describe this persistent threat, map out all TTPs and methods this criminal syndicate leverages that remained unnoticed in the network for years.
Active and dangerous throughout 2018 – 2022, the French-speaking gang managed to carry out over 30 successful attacks on banks, financial services and telecommunications companies, mainly located in Africa. During this period OPERA1ER is confirmed to have stolen at least $11 million.