OPERA1ER used off-the-shelf tools to steal millions from financial services and telecommunications companies

A collaboration between Orange CERT-CC and Group-IB has resulted in an awesome report on a French-speaking cybercriminal group located in Africa. The group has been dubbed 'OPERA1ER'.

The investigation started in 2019, when Orange CERT-CC and Group-IB got in contact to discuss potential findings and share information with each other. In the report, they explain how the OPERA1ER group attacked at least 15 countries, with over 30 cyberattacks in the past 5 years. These cyberattacks resulted in over 30 million dollars in damages.

OPERA1ER is also known by the following aliases:

  • Desktop-Group
  • Common Raven

According to the research performed by Group-IB and Orange CERT-CC, OPERA1ER is a financially motivated group that actively targets payment gateways and SWIFT interfaces.


  • Financial services
  • Mobile banking services
  • Telecom companies
  • Banks

Download the Group-IB and Orange CERT-CC report on OPERA1ER

Group-IB and Orange CERT-CC have made the report available for anyone to download. Extract TTPs, IOCs and more to protect your assets against OPERA1ER.
