Group-IB recently uncovered OPERA1ER, an APT cybercriminal group that operates from Africa and has been active for five years.
The Group-IB Threat Intelligence team investigated targeted attacks on financial organizations in Africa, comprising more than 30 attacks and an estimated 30 million USD in damage caused by this cybercriminal group over its five years of operation.
Group-IB attributed the activity to a threat actor codenamed OPERA1ER (also known as DESKTOP GROUP, Common Raven, NXSMS).
The threat actor did not use any complex or self-developed tools. Instead, it relied on spear phishing, commonly available open-source tools, and free RATs and malware that it could get from the dark web.
Most of its infrastructure uses free dynamic DNS services such as duckdns.org, ddns.net, zapto.org, and hopto.org. The group also used first-level domains for specific needs, such as matching a subject of interest and phishing.
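For defenders, the dynamic DNS zones listed above can be turned into a simple DNS log check. The following is an added example, not code from Group-IB or the original post; the log format (`timestamp client query`) and the sample records are constructed assumptions.

```python
from collections import Counter

# Dynamic DNS zones named in the post.
DYNDNS_ZONES = ("duckdns.org", "ddns.net", "zapto.org", "hopto.org")

# Constructed sample log (assumed format): "<timestamp> <client_ip> <query_name>"
SAMPLE_LOG = """\
2024-01-10T09:00:01Z 10.0.0.15 updates.example.com
2024-01-10T09:00:05Z 10.0.0.15 host1.duckdns.org.
2024-01-10T09:01:10Z 10.0.0.22 MAIL.Zapto.ORG
2024-01-10T09:02:00Z 10.0.0.22 notduckdns.org
2024-01-10T09:03:30Z 10.0.0.15 a.b.hopto.org
2024-01-10T09:04:00Z 10.0.0.31 ddns.net.example.com
malformed line
"""

def dyndns_zone(name):
    """Return the matching dynamic DNS zone for a query name, else None."""
    name = name.strip().rstrip(".").lower()
    for zone in DYNDNS_ZONES:
        # Match on a label boundary so "notduckdns.org" does not hit.
        if name == zone or name.endswith("." + zone):
            return zone
    return None

def find_hits(log_text):
    """Return (client, query, zone) tuples for queries to the listed zones."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records
        _, client, query = parts
        zone = dyndns_zone(query)
        if zone:
            hits.append((client, query.rstrip(".").lower(), zone))
    return hits

def hits_per_client(hits):
    """Count hits per client so repeated lookups from one host stand out."""
    return Counter(client for client, _, _ in hits)

if __name__ == "__main__":
    hits = find_hits(SAMPLE_LOG)
    for client, query, zone in hits:
        print(f"{client} queried {query} (zone {zone})")
    print(dict(hits_per_client(hits)))
```

Dynamic DNS has legitimate uses, so hits are a triage signal to correlate with other telemetry rather than a verdict.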