
Suspected OPERA1ER hacking group member arrested


BleepingComputer reports that Interpol has confirmed the arrest of a suspected high-ranking member of the French-speaking OPERA1ER cybercrime operation, also known as Common Raven, NX$M$, and DESKTOP Group. The arrest took place in Cote d'Ivoire in West Africa early last month, following a joint law enforcement operation dubbed "Operation NERVONE" conducted with the U.S. Secret Service's Criminal Investigative Division, Group-IB, Booz Allen Hamilton DarkLabs, and telecommunications provider Orange. OPERA1ER conducted more than 35 attacks around the world between 2018 and 2022, enabling threat actors to amass $11 million to $30 million, findings from Orange and Group-IB revealed. The group's attacks involve the distribution of spear-phishing emails to facilitate the deployment of BitRAT, AgentTesla, Netwire, and other initial-stage malware strains.

"Any attempt to investigate a sophisticated threat actor such as OPERA1ER, which stole millions from financial service companies and telecom providers across the world, requires a highly coordinated effort between public and private sector bodies. The success of Operation Nervone exemplifies the importance of threat data exchange, and thanks to our collaboration with INTERPOL, Orange-CERT-CC and private and public sector partners, we were collectively able to piece together the whole puzzle," said Group-IB CEO Dmitry Volkov.
