Cybercrime Epidemic Sweeps Through Sierra Leone’s Finance Industry
A notorious cybercriminal group, known as Bluebottle, has been wreaking havoc on banks and financial institutions across Francophone countries in Africa, including Sierra Leone, since 2018.
The Attackers
According to a report by Symantec, a leading cybersecurity firm, three different financial institutions in Sierra Leone were compromised by Bluebottle. The attackers, who appear to be French-speaking, have demonstrated an unwavering commitment to their craft, with Symantec noting that they are unlikely to stop their activities anytime soon.
Tactics and Techniques
Symantec’s investigation found that Bluebottle does not use custom malware in its attacks, instead opting for industry-specific and region-specific domain names. The group has also been linked to a previous campaign by Group-IB, which tracked the same group as OPERA1ER and found that they had stolen at least $11 million and potentially up to $30 million from 30 different attacks on banks, financial services, and telecommunications companies across Africa between 2018 and 2022.
- The report highlights the sophistication of Bluebottle’s tactics, with Symantec finding evidence that the malware was mounted as a CD-ROM, indicating that a genuine disc had been inserted into the computer.
- The group also used GuLoader, a remote access trojan commonly used by cybercriminals over the past two years.
Initial Infection Vector
Symantec was unable to identify the initial infection vector but noted that the earliest malicious files found on victim networks had French-language, job-themed file names, which were likely used as lures to begin the attack. The group also used an infostealer with a similar naming theme and a second piece of malware designed to disable security products on victim networks.
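For defenders who want to turn the two observable traits above (executables launched from a mounted disc image that presents as a CD-ROM drive, and French job-themed lure file names) into a quick triage check, the following is an added example. It is not code from the article or from Symantec's report; the record layout, the keyword list and the sample events are all constructed for illustration, and the heuristics are assumptions a team would tune against its own telemetry.

```python
"""Triage constructed process-creation records for two indicators
described in the article: an executable started from a mounted disc image
(appears to Windows as a CD-ROM drive) and a French job-themed lure name.
Added example; field names, keywords and sample data are constructed."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Assumed, simplified process-creation record (not a real product schema)."""
    host: str
    user: str
    image: str        # full path of the executable that was started
    drive_type: str   # assumed values: "fixed", "removable" or "cdrom"


# Constructed keyword list: French words commonly seen in job-application lures.
JOB_LURE_RE = re.compile(
    r"(?<![a-z0-9])(cv|curriculum|candidature|recrutement|poste|emploi|offre)(?![a-z0-9])",
    re.IGNORECASE,
)
# File extensions treated as executable content for this check.
EXEC_EXT_RE = re.compile(r"\.(exe|scr|pif|com|bat|cmd|vbs|js|lnk)$", re.IGNORECASE)


def filename(path):
    """Return the last path component, accepting either slash style."""
    return re.split(r"[\\/]", path)[-1]


def indicators(ev):
    """List the indicator names that fire for one event."""
    hits = []
    name = filename(ev.image)
    executable = bool(EXEC_EXT_RE.search(name))
    if executable and ev.drive_type == "cdrom":
        hits.append("exec-from-mounted-image")
    if executable and JOB_LURE_RE.search(name):
        hits.append("job-themed-lure-name")
    return hits


def severity(hits):
    """Both indicators together are far rarer on a workstation than either alone."""
    return {0: "none", 1: "medium"}.get(len(hits), "high")


def triage(events):
    """Return (host, file name, severity, indicators) for every event that fires."""
    results = []
    for ev in events:
        hits = indicators(ev)
        if hits:
            results.append((ev.host, filename(ev.image), severity(hits), hits))
    return results


# Constructed sample events; host names and paths are made up.
SAMPLE_EVENTS = [
    ProcEvent("WS-ACCT-07", "mkamara", r"E:\Candidature_Jean_Dupont.pdf.exe", "cdrom"),
    ProcEvent("WS-ACCT-07", "mkamara", r"C:\Windows\System32\svchost.exe", "fixed"),
    ProcEvent("WS-HR-02", "abangura", r"C:\Users\abangura\Downloads\Offre_emploi_2023.exe", "fixed"),
    ProcEvent("WS-OPS-11", "sconteh", r"D:\setup.exe", "cdrom"),
    ProcEvent("WS-OPS-11", "sconteh", r"D:\readme.txt", "cdrom"),
]

if __name__ == "__main__":
    for host, name, sev, hits in triage(SAMPLE_EVENTS):
        print(f"{sev:6} {host:12} {name:40} {', '.join(hits)}")
```

The keyword list is deliberately short; in practice it would be extended from lure names actually seen in the environment, and the "cdrom" test would be fed from whatever the EDR or event source records about the volume an image was started from. Legitimate software installers also run from mounted images, which is why a single indicator is only rated medium here.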
Recommendations
Financial institutions in Sierra Leone should remain on high alert for Bluebottle’s activities, particularly given their focus on Francophone countries in Africa. It is unclear whether the group has successfully monetized its campaigns, but Symantec notes that their past success suggests they are a force to be reckoned with.
As cybersecurity threats continue to evolve, it is essential for financial institutions and organizations across Sierra Leone to prioritize security measures to protect against these sophisticated attacks:
- Implement robust security protocols to detect and prevent malware infections.
- Conduct regular security audits and penetration testing to identify vulnerabilities.
- Train employees on cybersecurity best practices to reduce the risk of human error.
- Stay up-to-date with the latest security patches and software updates.