Financial Crime World

MALI: Cybercrime Group Steals Millions from Banks Across Africa, Asia, and Latin America

A French-speaking cybercrime group has been carrying out a series of heists over the past four years, netting as much as $30 million from firms in Mali and other countries across Africa, Asia, and Latin America. The group, known as “OPERA1ER,” uses high-quality spear phishing and off-the-shelf tools to gain control of bank accounts and steal money through ATM withdrawals.

The Global Nature of Cybercrime Risk

According to a report by cybersecurity firm Group-IB, OPERA1ER has carried out over 30 attacks targeting banks, financial services, and telecommunications firms in at least 15 countries. The group’s activities demonstrate the global nature of cybercrime risk, which is a top threat to financial institutions, according to Federal Reserve Chairman Jerome Powell.

The Rise of OPERA1ER

Researchers began tracking the group in 2019 after a series of targeted attacks on financial organizations in Africa. By 2021, they were able to attribute the attacks to a single group and discovered that it had been active since 2016. The group uses a vast network of mule accounts to cash out stolen funds and has successfully targeted banks and other institutions in:

  • Mali
  • Ivory Coast
  • Burkina Faso
  • Benin
  • Cameroon
  • Bangladesh
  • Gabon
  • Niger
  • Nigeria
  • Paraguay
  • Senegal
  • Sierra Leone
  • Uganda
  • Togo
  • Argentina

The Attack Process

The group typically waits between three and 12 months before stealing money. During that time, its members:

  • Identify key people within the financial organizations
  • Study protections in place to prevent fraud
  • Understand back-end platform operations and cash withdrawals

Mitigating the Attacks

Group-IB’s European Threat Intelligence Unit identified and reached out to 16 affected organizations to mitigate the attacks and prevent further activity. “We shared our findings with financial organizations, identified victims, and all partners,” said Rustam Mirkasymov, head of cyberthreat research at Group-IB Europe.

Preventing Cybercrime Risk

The report highlights the need for financial institutions to take steps to protect themselves from cybercrime risk. “Cyber risk represents a top threat to financial institutions, and it’s essential that we work together to mitigate this risk and prevent these types of attacks,” said Mirkasymov.