French Threat Group Steals $11M

New research from Group-IB on OPERA1ER shows the threat group has stolen at least $11 million from banks and telecommunication services providers. OPERA1ER obtained initial access via phishing emails and then spent 3 to 12 months inside compromised networks, running lateral phishing attacks against other employees and studying internal documentation to learn how money transfers work before cashing out.

Mike Fleck, Senior Director of Sales Engineering at Cyren:

     “Combining phishing, malware, and account takeover is a common attack chain. What seems to differ is the motivation of the attackers. A bad actor doing a “spray and pray” campaign will grab whatever data is available once they’ve taken over an account (e.g. recent GitHub account compromise at Dropbox). However, it’s the determined and targeted attacks that pivot off the initial access to launch a more profitable/damaging follow-on. Regardless, phishing remains an unsolved issue and a precursor for data breaches and financial losses.”

Clearly OPERA1ER is a dangerous group that needs to be monitored as I can see them evolving to be even more dangerous over time. In the meantime, the report is very much worth your time to read.

UPDATE: Dr. Darren Williams, CEO and Founder of BlackFog, had this comment:

     “The Ransomware as a Service model is alive and well and is now the de facto standard for cybercriminals. This gives hackers the ability to leverage the best tools available at any moment in time for a percentage of the takings. This latest attack with gains of $11m just proves how viable this model really is. It also clearly demonstrates that existing EDR based solutions offer too little, too late to really protect the organization’s key asset, its data. As we can see from these attacks, once a hacker has gained access to the network, lateral movement and data exfiltration play a key role in the success of the attack. Organizations should be focused not only on defensive approaches, but also on anti data exfiltration to protect against any possible lateral movement or data loss to prevent any attempt of data extortion.”
