Ivory Coast’s DITT Arrests A Senior “OPERA1er” Group Kingpin Linked To Cybercrime Around The World
An alleged senior member (kingpin) of the cybercriminal group “OPERA1er”, linked to attacks on financial institutions across Africa, Latin America and Asia, has been arrested in Abidjan, Côte d’Ivoire. To achieve this arrest, Côte d’Ivoire’s Directorate of Informatics and Technological Traces (DITT) worked with the INTERPOL Global Complex for Innovation (IGCI) Singapore, AFRIPOL, and Group-IB.
This is a significant blow to the criminal activities of the “OPERA1er” cartel
An alleged senior official of the OPERA1er cybercriminal organization, which allegedly stole about $11 million in more than 30 attacks in 15 countries in Africa, Latin America, and Asia, was arrested in early June 2023 in Abidjan as part of a joint operation by Côte d’Ivoire’s Directorate of Computer Science and Technological Traces (DITT), the INTERPOL Global Complex for Innovation (IGCI) Singapore, AFRIPOL and Group-IB.
Announced by INTERPOL, this arrest of the senior OPERA1er member is the result of several years of collaboration. It was Group-IB that first detected phishing attacks in 2018 that aimed to spread malware against financial institutions and mobile banking services. This information, shared with INTERPOL, was complemented by information from the U.S. Secret Service’s Criminal Investigations Division and cybersecurity researchers from Booz Allen Hamilton DarkLabs. All of this took place within the framework of an operation called “NERVONE”, which made it possible to follow the actions of the cybercriminals and led to the present arrest.
The OPERA1er Arrest According to Interpol
Over the last four years, OPERA1er, a highly-organized criminal organization, has targeted financial institutions and mobile banking services with malware, phishing campaigns and large-scale Business Email Compromise (BEC) scams.
Known as OPERA1ER, with aliases such as NX$M$, DESKTOP Group and Common Raven, the group is believed to have stolen an estimated USD 11 million – potentially as much as 30 million – in more than 30 attacks across 15 countries in Africa, Asia and Latin America.
A detailed overview of OPERA1ER’s methods was published by Group-IB and Orange S.A. in November 2022. Following extensive cooperation, INTERPOL, AFRIPOL, Group-IB and Côte d’Ivoire’s Direction de l’Information et des Traces Technologiques (DITT) are announcing the arrest of a suspected senior member of the group, dealing a significant blow to their criminal activities.
While welcomed by INTERPOL’s Cybercrime Operations Directorate, this international cooperation demonstrates the power of Côte d’Ivoire’s Directorate of Informatics and Technological Traces (DITT), on which the Cybercrime Platform (PLCC) depends. For its contribution to the success of investigations and in the conduct of projects, DITT was honored in early June by INTERPOL at the inauguration of the premises of the Police Information Processing Centre (CTIP) in Côte d’Ivoire.
A month before this distinction, the General Directorate of the National Police in charge of the Judicial Police (DGACPJ) expressed its gratitude to the DITT, awarding it a trophy for all the support provided during the resolution of the OPERA1er cases.
Led by Colonel-Major Guelpétchin Ouattara, the DITT is on all fronts of cybersecurity. Digital Forensics Laboratory (LCN), networks, data centers, security operations center (SOC), artificial intelligence… Every effort is being made to secure Ivorian cyberspace and collaborate with international organizations engaged in the fight against cybercrime.
OPERA1er Arrest – How it was Done!
The OPERA1er group’s illicit e-mail campaigns were first detected by Group-IB in 2018 when they recognized spear phishing operations responsible for spreading malware such as remote access tools.
Under the auspices of Operation Nervone, INTERPOL’s Cybercrime Directorate, Group-IB, and third-party stakeholder Orange exchanged intelligence about OPERA1er which helped track the group’s behaviors and identify a probable location for their activities.
Additional information was provided by the United States Secret Service’s Criminal Investigative Division and Booz Allen Hamilton DarkLabs cybersecurity researchers, confirming a number of leads.
In early June, authorities in Côte d’Ivoire (Ivory Coast) were able to arrest a key suspect with OPERA1er linked to attacks against financial institutions across Africa.
“Operation Nervone is a testament to what we can achieve through international collaboration and intelligence sharing. This successful operation marks a significant step in our ongoing mission to dismantle organized cybercrime networks, showcasing the power of collective action in stemming the tide against cybercrime.”
According to INTERPOL’s 2022 African Cyberthreat Assessment Report, cybercrime is a growing threat in the West Africa region, with victims located worldwide. Operation NERVONE underscores INTERPOL’s commitment to proactively combat the threat of cybercrime in the region with this operation against OPERA1er.
Operation Nervone was backed by two key INTERPOL initiatives: the African Joint Operation against Cybercrime and the INTERPOL Support Programme for the African Union in relation to AFRIPOL, funded by the United Kingdom’s Foreign, Commonwealth & Development Office and Germany’s Federal Foreign Office, respectively.