Financial Crime World

Cybercrime in Finance Industry Rocks Sierra Leone as Global Gang Steals Millions

A sophisticated cybercrime group, known as OPERA1ER, has stolen millions of dollars from banks and financial institutions across Africa, Asia, and Latin America over the past four years, with Sierra Leone being one of the affected countries.

Global Scope of the Attacks

The French-speaking gang used high-quality spear phishing and off-the-shelf tools to carry out more than 30 attacks, netting an estimated $30 million. The group targeted banks and other institutions in at least 15 countries, including:

  • Sierra Leone
  • Ivory Coast
  • Mali
  • Burkina Faso
  • Benin
  • Cameroon
  • Bangladesh
  • Gabon
  • Niger
  • Nigeria
  • Paraguay
  • Senegal
  • Uganda
  • Togo
  • Argentina

Modus Operandi

According to a report published by cybersecurity firm Group-IB, OPERA1ER works its way into various accounts, gains control of them, and then moves money into accounts it controls before cashing out, primarily through ATM withdrawals. The group has used a vast network of 400 mule accounts, operated by money mules hired to cash out the stolen funds.

Tools Used

The report’s findings offer a detailed look at the tools used by the criminal group to successfully steal millions of dollars from banks over several years. These tools include:

  • High-quality spear phishing
  • Off-the-shelf tools

Impact on Financial Industry

The group’s activities highlight the need for increased vigilance and cooperation among financial institutions, law enforcement agencies, and cybersecurity firms to combat this growing threat. Federal Reserve Chairman Jerome Powell has warned that “cyber risk” represents a top threat to financial institutions.

Statistics

  • Since 2007, there have been approximately 200 known cyber incidents targeting banks and financial institutions.
  • Last year, the group netted at least $11 million from its attacks but may have made off with nearly three times that amount.

Mitigation Efforts

Group-IB’s European Threat Intelligence Unit identified and reached out to 16 affected organizations to mitigate the attacks and prevent further activity. At least two of the victim banks were successfully breached by the attackers, who gained access to the banks’ SWIFT messaging interface. However, SWIFT itself was not compromised in the attacks.

Conclusion

The cybercrime group’s activities demonstrate the global nature of this risk, with cybercrime affecting financial institutions worldwide. It is essential for financial institutions, law enforcement agencies, and cybersecurity firms to work together to combat this growing threat and prevent future attacks.