A suspect believed to be a key member of the OPERA1ER cybercrime group, which has targeted mobile banking services and financial institutions in malware, phishing, and Business Email Compromise (BEC) campaigns, has been detained by law enforcement.

Also known by aliases such as NX$M$, DESKTOP Group, and Common Raven, OPERA1ER is believed to have stolen an estimated USD 11 million – potentially as much as 30 million – in more than 30 attacks across 15 countries in Africa, Asia, and Latin America.

A detailed overview of OPERA1ER’s methods was published by Group-IB and Orange S.A. in November 2022. Following extensive cooperation, INTERPOL, AFRIPOL, Group-IB and Côte d’Ivoire’s Direction de l’Information et des Traces Technologiques (DITT) are announcing the arrest of a suspected senior member of the group, dealing a significant blow to their criminal activities.

How it happened

The group’s illicit e-mail campaigns were first detected by Group-IB in 2018, when they recognized spear phishing operations responsible for spreading malware such as remote access tools. Under the auspices of Operation Nervone, INTERPOL’s Cybercrime Directorate, Group-IB, and third-party stakeholder Orange exchanged intelligence which helped track the group’s behaviors and identify a probable location for their activities.

Additional information was provided by the United States Secret Service’s Criminal Investigative Division and Booz Allen Hamilton DarkLabs cybersecurity researchers, confirming a number of leads.

In early June, authorities in Côte d’Ivoire were able to arrest a key suspect linked to attacks against financial institutions across Africa. According to INTERPOL’s 2022 African Cyberthreat Assessment Report, cybercrime is a growing threat in the West Africa region, with victims located worldwide. Operation Nervone underscores INTERPOL’s commitment to proactively combat the threat of cybercrime in the region.

“Operation Nervone is a testament to what we can achieve through international collaboration and intelligence sharing. This successful operation marks a significant step in our ongoing mission to dismantle organized cybercrime networks, showcasing the power of collective action in stemming the tide against cybercrime.”

Bernardo Pillot, INTERPOL’s Assistant Director of Cybercrime Operations

Operation Nervone was backed by two key INTERPOL initiatives: the African Joint Operation against Cybercrime and the INTERPOL Support Programme for the African Union in relation to AFRIPOL, funded by the United Kingdom’s Foreign, Commonwealth & Development Office and Germany’s Federal Foreign Office, respectively.

How to protect yourself from cybercrime

There are a number of things you can do to protect yourself from cybercrime:

  • Be aware of the latest phishing scams and malware attacks.
  • Use strong passwords and keep them safe.
  • Keep your software up to date.
  • Be careful about what information you share online.
  • Back up your data regularly.

If you think you have been the victim of a cybercrime, report it to the authorities immediately.