Select Page

A cybercrime group dubbed Bluebottle has been linked to a set of targeted attacks against the financial sector in Francophone countries located in Africa from at least July 2022 to September 2022.

“The group makes extensive use of living-off-the-land, dual use tools, and commodity malware, with no custom malware deployed in this campaign,” Symantec, a division of Broadcom Software, said in a report shared with The Hacker News.

The cybersecurity firm said the activity shares overlaps with a threat cluster tracked by Group-IB under the name OPERA1ER, which has carried out dozens of attacks aimed at banks, financial services, and telecom companies in Africa, Asia, and Latin America between 2018 and 2022.

The attribution stems from similarities in the toolset used, the attack infrastructure, the absence of bespoke malware, and the targeting of French-speaking nations in Africa. Three different unnamed financial institutions in three African nations were breached, although it’s not known whether Bluebottle successfully monetized the attacks.

The financially motivated adversary, also known by the name DESKTOP-GROUP, has been responsible for a string of heists totalling $11 million, with actual damages touching $30 million.

images from Hacker News