OPERA1ER: Playing God Without Permission

The group relied solely on known “off-the-shelf” tools to steal millions from financial service and telecommunications companies. In total, they managed to carry out at least 30 successful attacks in Africa, Latin America, and Asia between 2019 and 2021.


30+ attacks attributed to OPERA1ER

$30 million in estimated damages

15 countries where OPERA1ER struck

5 years of operation


The report “OPERA1ER. Playing God without permission” takes a deep dive into the recent operations of the prolific cybercrime syndicate that is confirmed to have stolen at least $11 million since 2019 in 30 targeted attacks with a basic toolset. Although African banks were the most frequent victims, highly targeted campaigns have also been observed against many other industry verticals in different geographic regions.

The successful investigation into the attacks of OPERA1ER was made possible by a long-standing partnership between the Group-IB Threat Intelligence Team and the Orange CERT Coordination Center (Orange-CERT-CC), the in-house operational organization responsible for managing IT security incidents of the Orange Group, a multinational telecommunications operator.

In this report

The timeline and geography

Where and how they struck, and the length of time it took from gaining initial access to an organization to committing fraud.

The kill chain used to commit cyber crime

Follow the steps taken to discover how the attacks were committed. See how cooperation between cyber security organizations was able to uncover the activity.

Tactics, techniques and procedures

Learn how they gained access to networks, what was unique about their attacks, and how to protect your business from similar attacks.

OPERA1ER can spend up to one year preparing an attack, studying the internal network of the organization, learning how the digital banking systems were designed, and planning the withdrawal of money. That is also ample time to identify the anomaly in the network and take measures to contain the incident.

Advanced protection against cyber threats

Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.