Top suspect in OPERA1ER cybercrime operation arrested in Africa

A “suspected senior member” of the French-speaking OPERA1ER cybercrime gang is in custody, international police announced Wednesday.

The suspect, who was not named, was arrested in early June in Côte d’Ivoire, Interpol said. OPERA1ER stole at least $11 million and as much as $30 million “in more than 30 attacks across 15 countries in Africa, Asia and Latin America” dating back to 2018, authorities said.

The arrest follows an in-depth report in November by cybersecurity company Group-IB about the group’s attacks on financial institutions and mobile banking services with malware, phishing campaigns and business email compromise (BEC) scams.

Symantec followed in January with similar research, labeling the group Bluebottle. Other aliases for OPERA1ER include NX$M$, DESKTOP Group and Common Raven, Interpol said.

The investigation, labeled Operation Nervone, included multiple parties, including Afripol, Group-IB and Côte d’Ivoire’s Direction de l'Information et des Traces Technologiques (DITT).

“Additional information was provided by the United States Secret Service’s Criminal Investigative Division and Booz Allen Hamilton DarkLabs cybersecurity researchers, confirming a number of leads,” Interpol said.

Operations against West African cybercrime groups include arrests of suspected SilverTerrier scammers in 2022, a series of indictments in U.S. courts and recent convictions in scams going back nearly a decade. Nigerian influencer Ramon Abbas was sentenced to more than a decade in November for online scams.

“Any attempt to investigate a sophisticated threat actor such as OPERA1ER, which stole millions from financial service companies and telecom providers across the world, requires a highly coordinated effort between public and private sector bodies,” Group-IB CEO Dmitry Volkov said in a news release.