Africa Cyber Surge Operation: Group-IB Assists INTERPOL-led Operation To Combat Cybercrime On Continent

In image: Group-IB’s Kristina Ivanova participates in INTERPOL’s ACSO Debrief Meeting in Mauritius

Group-IB, one of the global leaders in cybersecurity, has contributed to  the INTERPOL-led Africa Cyber Surge Operation (ACSO), an all-encompassinginvestigative, operational, and educational program created by INTERPOL in close collaboration with AFRIPOL, and INTERPOL’s private sector cybersecurity partners. During the four-month operation, Group-IB provided timely cyber threat intelligence to facilitate cooperation between INTERPOL’s Cybercrime Directorate, INTERPOL’s Support Program for the African Union, AFRIPOL, and INTERPOL’s African member countries. This was done to coordinate efforts aimed at combating the growing threat of cybercrime on the African continent, mitigating the latest cyber threats, and assisting law-enforcement agencies by sharing best practices on how to prevent cyberattacks and bring action against perpetrators. Group-IB’s cyber investigations team also presented at the INTERPOL’s 9th Africa Working Group Meeting in Kigali, Rwanda and in an ACSO Debrief Meeting in Mauritius.

The Africa Cyber Surge Operation, a multinational cybercrime suppression operation focused on identifying cybercriminals and compromised infrastructure, was launched in July 2022. The operation’s strategic goal was to enhance cooperation between African law enforcement agencies to prevent, mitigate, investigate, and pursue threat actors. Several key results of the operation included the arrest of 10 individuals linked to scam and fraud activities worth $800,000, the takedown by the authorities in Eritrea of a darknet market that was selling hacking tools, and action taken against more than 200,000 pieces of malicious infrastructure that was facilitating cybercrime across Africa.

Group-IB, a private-sector partner, was invited to participate in ACSO in light of the significant contribution made by Group-IB’s Investigation Department to several major cybercrime investigations on the African continent. For this operation, Group-IB collected information about malicious and phishing network infrastructure hosted within member countries in Africa. Group-IB investigators leveraged the company’s sector-leading Threat Intelligence to produce a detailed report along with recommendations for the member countries.

This research as well as investigation tactics were shared with INTERPOL and African member countries at INTERPOL’s 9th Africa Working Group Meeting in Kigali, Rwanda, by Group-IB’s Deputy Head of APAC High-Tech Crime Investigation Department, Kristina Ivanova. Group-IB’s analysis uncovered servers in nine African countries that hosted Botnet malware such as Mozi and Mirai, phishing infrastructure used in campaigns that impersonate some of the world’s biggest brands, public-facing databases, vulnerable content management systems, and infrastructure flagged for being used in the preparation of bulk extortion emails. Kristina also highlighted that African countries themselves are attacked by government-sponsored hackers from China, Iran, India, Pakistan, etc. Banks, financial institutions, and telecom companies in Africa have been attacked by several ransomware and financially motivated groups such as REvil (back in 2021 in South Africa), Egregorand OPERA1ER.

The operation concluded with a Debrief Meeting in Mauritius at the end of November that allowed member states to share success stories from the four-month program, along with the identification of areas for future improvement. Kristina Ivanova participated in a panel discussion where she raised the challenges of conducting cybercrime investigations and emphasized the steps for improving techniques for tracking threat actors as well as data exchange among Interpol, African countries and private partners.

Looking ahead, INTERPOL’s African member states can harness the Cybercrime Collaborative Platform – Operations, created by INTERPOL’s Cybercrime Directorate, to update on progress, share intelligence, receive support, and cooperate to ensure success. Group-IB will continue to leverage the Cybercrime Collaborative Platform to pursue its mission of fighting cybercrime on the African continent and beyond.

Ever since the 2021 opening of Group-IB’s Threat Intelligence and Research Center in Dubai, UAE, Africa has become an important focus for Group-IB from both a research and business perspective. The growing reach of the company’s threat hunting ecosystem is now allowing Group-IB to pursue its mission of disrupting cybercrime in the region. Group-IB made significant contributions to the INTERPOL-coordinated investigations Operation Delilah and Operation Falcon II, both of which led to the arrests of suspected participants in cybercrime networks on the African continent over the past 12 months. Earlier in November, Group-IB published its research into the Francophone cybercrime group codenamed OPERA1ER, who the company has linked to more than 30 successful hacking attacks on banks, telecommunications companies, and financial services providers in more than a dozen African countries. The OPERA1ER group leveraged “off-the-shelf” tools to steal at least $11 million from victims.

“The Africa Cyber Surge Operation is another example of how cybersecurity is most effective when international law enforcement, individual nations, and private sector partners cooperate to share best practices and take a proactive approach to stamping out cybercrime. Group-IB is fully committed to its zero-tolerance policy to cybercrime, and our recent participation in the Africa Cyber Surge Operation underscores our desire to collaborate with our law enforcement partners and share best practices and information on the latest cyber threats. Combating cybercrime is reliant on international cooperation, data exchange, and sharing best practices, and Group-IB’s role in this, and other international law enforcement operations, is to leverage the company’s two decades of experience and intelligence-driven research to assist law enforcement in bringing cybercriminals to justice,” Dmitry Volkov, CEO at Group-IB, said.

“The Africa Cyber Surge Operation launched in July 2022, has brought together law enforcement officials from 27 countries, working together for almost 4 months on actionable intelligence provided by INTERPOL private partners. This intelligence focused on opportunities to prevent, detect, investigate and disrupt cybercrime through coordinated LE activities utilising INTERPOL platforms, tools and channels. This operation, focused both on cyber criminals and compromised network infrastructure in Africa, allowing member countries to identify more than 1,000 malicious IP addresses, Dark Web Markets and individual threat actors, enhancing cooperation between INTERPOL, AFRIPOL and the member countries, and contributing to connecting policing for a safer world. The Debrief Meeting organized in Mauritius at the end of November, has allowed member countries to share success stories, challenges faced and areas of improvement, which will further contribute to reducing the impact of cybercrime in the region and protect communities for a safer world,” Craig Jones, Director Cybercrime Directorate at INTERPOL, said.

 Source: Group-IB