Suspected key figure of notorious cybercrime group arrested in joint operation
ABIDJAN, Côte d’Ivoire – Over the last four years, a highly-organized criminal organization has targeted financial institutions and mobile banking services with malware, phishing campaigns and large-scale Business Email Compromise (BEC) scams.
Known as OPERA1ER, with aliases such as NX$M$, DESKTOP Group and Common Raven, the group is believed to have stolen an estimated USD 11 million – potentially as much as 30 million – in more than 30 attacks across 15 countries in Africa, Asia and Latin America.
A detailed overview of OPERA1ER’s methods was published by Group-IB and Orange S.A. in November 2022. Following extensive cooperation, INTERPOL, AFRIPOL, Group-IB and Côte d’Ivoire’s Direction de l’Information et des Traces Technologiques (DITT) are announcing the arrest of a suspected senior member of the group, dealing a significant blow to their criminal activities.
How it happened
The group’s illicit e-mail campaigns were first detected by Group-IB in 2018, when they recognized spear phishing operations responsible for spreading malware such as remote access tools.
Under the auspices of Operation Nervone, INTERPOL’s Cybercrime Directorate, Group-IB, and third-party stakeholder Orange exchanged intelligence which helped track the group’s behaviours and identify a probable location for their activities.
Additional information was provided by the United States Secret Service’s Criminal Investigative Division and Booz Allen Hamilton DarkLabs cybersecurity researchers, confirming a number of leads.
In early June, authorities in Côte d’Ivoire were able to arrest a key suspect linked to attacks against financial institutions across Africa.
INTERPOL’s Assistant Director of Cybercrime Operations, Bernardo Pillot said: “Operation Nervone is a testament to what we can achieve through international collaboration and intelligence sharing. This successful operation marks a significant step in our ongoing mission to dismantle organized cybercrime networks, showcasing the power of collective action in stemming the tide against cybercrime.”
According to the INTERPOL’s 2022 African Cyberthreat Assessment Report, cybercrime is a growing threat in the West Africa region, with victims located worldwide. Operation NERVONE underscores INTERPOL’s commitment to proactively combat the threat of cybercrime in the region.
Operation Nervone was backed by two key INTERPOL initiatives: the African Joint Operation against Cybercrime and the INTERPOL Support Programme for the African Union in relation to AFRIPOL, funded by the United Kingdom’s Foreign, Commonwealth & Development Office and Germany’s Federal Foreign Office, respectively.
Pix and Story — Interpol