"APT Group Pilfers $11 Million From Africa, Asia, Latin America Using Spear Phishing Emails"
Group-IB recently published a report detailing the activities of the "OPERA1ER" Advanced Persistent Threat (APT) group, which is known for spear phishing emails, but it is unique in that it targets less economically developed countries in Africa, Asia, and Latin America. The APT group is suspected to be based in Africa because of the language used in its messages and its target selection. It has been difficult to track down, even though it has been active since 2018 and has carried out over a dozen successful attacks in some of those years. This APT group has been responsible for 35 known attacks totaling at least $11 million in damage. According to Group-IB, the actual amount could be as much as $30 million. The group primarily focuses on African countries and prefers businesses in the financial services, banking, and telecommunications industries. However, it is not afraid to occasionally venture outside of its comfort zone. With spear phishing campaigns, the group has also targeted businesses in Bangladesh, Paraguay, and Argentina. One distinguishing feature of the APT group is that it appears to use only off-the-shelf tools, rather than developing its own malware or ransomware. It is unusual for a group that does not build its own tools to last this long or be this financially successful. Part of that success is likely due to careful target selection in areas that do not see as many daily attempts as the world's largest economies. Another key to its success is a large network of "money mule" accounts used to make withdrawals and funnel funds to the APT group. Their spear phishing strategy is also referred to as "high quality," as it accurately imitates official government notices and communications from major banks. This article continues to discuss details surrounding the OPERA1ER APT group.