Highlights
30+ attacks attributed to OPERA1ER
$30 million in estimated damages
15 countries where OPERA1ER struck
Background
The report “OPERA1ER. Playing God without permission” takes a deep dive into the recent operations of the prolific cybercrime syndicate that is confirmed to have stolen at least $11 million since 2019 in 30 targeted attacks using a basic toolset. Although African banks were the most frequent victims, highly targeted campaigns have also been observed against many other industry verticals in different geographic regions.
The successful investigation into OPERA1ER's attacks was made possible by a long-standing partnership between the Group-IB Threat Intelligence Team and the Orange CERT Coordination Center (Orange-CERT-CC), the in-house operational organization responsible for managing IT security incidents of the Orange Group, a multinational telecommunications operator.
In this report
The timeline and geography
Where and how they struck, and how long it took from gaining initial access to an organization to committing fraud.
The kill chain used to commit cyber crime
Follow the steps taken to discover how the attacks were committed. See how cooperation between cyber security organizations was able to uncover the activity.
Tactics, techniques and procedures
Learn how they gained access to networks, what was unique about their attacks, and how to protect your business from similar attacks.
OPERA1ER can spend up to one year preparing an attack, studying the organization's internal network, learning how its digital banking systems were designed, and planning the withdrawal of money. That is also ample time to identify the anomaly in the network and take measures to contain the incident.
Advanced protection against cyber threats
Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.