BleepingComputer reports that a suspected high-ranking member of the French-speaking OPERA1ER cybercrime operation, also known as Common Raven, NX$M$, and DESKTOP Group, was confirmed by Interpol to have been arrested in Cote d'Ivoire in West Africa early last month following a joint law enforcement operation dubbed "Operation NERVONE" conducted with the U.S. Secret Service's Criminal Investigative Division, Group-IB, Booz Allen Hamilton DarkLabs, and telecommunications provider Orange.
More than 35 attacks around the world have been conducted by OPERA1ER between 2018 and 2022, enabling threat actors to amass $11 million to $30 million, findings from Orange and Group-IB revealed. OPERA1ER's attacks involve the distribution of spear-phishing emails to facilitate the deployment of BitRAT, AgentTesla, Netwire, and other initial-stage malware strains.
"Any attempt to investigate a sophisticated threat actor such as OPERA1ER, which stole millions from financial service companies and telecom providers across the world, requires a highly coordinated effort between public and private sector bodies. The success of Operation Nervone exemplifies the importance of threat data exchange, and thanks to our collaboration with INTERPOL, Orange-CERT-CC and private and public sector partners, we were collectively able to piece together the whole puzzle," said Group-IB CEO Dmitry Volkov.
As part of its latest attacks discovered in June, Tropic Trooper exploited several known Microsoft Exchange Server and Adobe ColdFusion vulnerabilities to distribute an updated China Chopper web shell on a server hosting the Umbraco open-source content management system.
More than 50 Alibaba-hosted command-and-control servers have been leveraged to facilitate the distribution of the backdoor, which impersonates the Java, bash, sshd, SQLite, and edr-agent utilities.
Angola and the Democratic Republic of Congo, which is a new Intellexa client, may have leveraged new Predator infrastructure to enable spyware staging and exploitation, according to an analysis from Recorded Future's Insikt Group.