French-Speaking Voleurs stole $30M in 15-Country Bank, Telecoms Cyber-heist Spree

upnorth

Jul 27, 2015
A French-speaking criminal group codenamed OPERA1ER has pulled off more than 30 cyber-heists against telecom organizations and banks across Africa, Asia, and Latin America, stealing upwards of $30 million over four years, according to security researchers.

The robberies start with targeted emails that trick staff at these businesses into running backdoor malware, keyloggers, and password stealers, according to Group-IB's threat intel team, working with French telecom company Orange's CERT Coordination Center. Crooks use the stolen credentials from these software nasties to gain admin-level credentials to Windows domain controllers on the network and banks' back-end applications such as their SWIFT messaging clients, which financial institutions use to send and receive details of transactions from one another. After the initial intrusion, the stealthy smooth operators use tools including Cobalt Strike and Metasploit to maintain persistence and stay on the network for three to 12 months, slyly moving people's money between accounts before eventually withdrawing funds from ATMs, we're told.

In one robbery, "a network of more than 400 mule subscriber accounts were used to quickly cash out stolen funds mostly done overnight via ATMs," the researchers wrote in a report this month. Upon further investigation, the analysts discovered the money mules had been recruited up to three months in advance, they added. "It was obvious that the attack was very sophisticated, organized, coordinated and planned over a long period of time."
