Hackers target major financial institutions in French-speaking African countries over the last two years


By VARINDIA - 2022-09-06

Check Point Research (CPR) reveals a persistent cyberattack campaign that has targeted major financial institutions in French-speaking African countries for the past two years. Dubbed ‘DangerousSavana’, the campaign uses spear-phishing to initiate infection chains, sending French-language emails with malicious attachments to employees in Ivory Coast, Morocco, Cameroon, Senegal, and Togo. Diverse file types, such as PDF, Word, ZIP and ISO files, are used to lure victims. CPR suspects the hackers are financially motivated and warns of their persistence, diversification and iterative nature.

  • Hackers used lookalike domains, impersonating other financial institutions in Africa such as the Tunisian Foreign Bank and Nedbank
  • The campaign has focused heavily on the Ivory Coast in the last few months
  • CPR shares an example of a malicious email and timelines of infection chains and lure documents

Check Point Research (CPR) has uncovered a persistent cyberattack campaign that has targeted major financial institutions in French-speaking African countries for the past two years.

In the campaign, dubbed ‘DangerousSavana’ by CPR, the attackers use spear-phishing to initiate infection chains, sending French-language emails with malicious attachments to employees in Ivory Coast, Morocco, Cameroon, Senegal, and Togo. The campaign has focused heavily on the Ivory Coast in the last few months.

Attack Methodology:

The infection starts with spear-phishing emails written in French, usually sent to several employees of the targeted companies. Since 2021, the hackers have been attaching malicious files to their phishing emails. These are either Word documents with macros, documents with a remote template (or, in some cases, a few layers of external templates), or PDF documents that lure the victim into downloading and then manually executing the next stage.

After the victim opens the file, it communicates with malicious C&C servers and downloads frameworks like Metasploit or PoshC2 that allow the threat actors to do nearly whatever they want in the victim network.
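The Word lures described above (macros, or a remote template that pulls in the next stage) leave static traces inside the file. This added example, which is not from CPR's report or the original article, lists external `attachedTemplate` relationships and an embedded VBA project in an OOXML document; the sample file and the `example.invalid` URL are constructed, and legacy binary `.doc` files are out of scope.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
TEMPLATE_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                 "relationships/attachedTemplate")
MAX_PART_SIZE = 1_000_000  # skip oversized parts instead of parsing them

def docx_risk_indicators(data: bytes) -> dict:
    """Report external attached-template URLs and VBA presence in an OOXML file."""
    result = {"remote_templates": [], "has_macros": False, "error": None}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["error"] = "not an OOXML (zip) container"
        return result
    with archive:
        for info in archive.infolist():
            name = info.filename.lower()
            if name.endswith("vbaproject.bin"):
                result["has_macros"] = True
            if not name.endswith(".rels") or info.file_size > MAX_PART_SIZE:
                continue
            try:
                # Production code should parse untrusted XML with a hardened parser.
                root = ET.fromstring(archive.read(info))
            except ET.ParseError:
                continue
            for rel in root.iter(REL_TAG):
                if (rel.get("Type") == TEMPLATE_TYPE
                        and rel.get("TargetMode") == "External"):
                    result["remote_templates"].append(rel.get("Target"))
    return result

def build_sample_docx(target: str, external: bool, with_vba: bool = False) -> bytes:
    """Constructed sample: a zip holding only the parts this check inspects."""
    mode = ' TargetMode="External"' if external else ""
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/'
            '2006/relationships"><Relationship Id="rId1" '
            f'Type="{TEMPLATE_TYPE}" Target="{target}"{mode}/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("word/_rels/settings.xml.rels", rels)
        if with_vba:
            archive.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_docx("https://templates.example.invalid/lure.dotm", True)
    print(docx_risk_indicators(sample))
```

A mail gateway or triage script can run this on attachments before delivery and quarantine any document that reports a remote template or macros from an external sender.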

 

In the early stages of the campaign, the phishing emails were sent using Gmail and Hotmail services. To increase their credibility, the actors began to use lookalike domains, impersonating other financial institutions in Africa such as the Tunisian Foreign Bank, Nedbank, and others. Over the last year, the actors have also used spoofed email addresses of a local insurance advisory company.

Figure 1. Example of a phishing email in which the actors used the name of an existing employee at the impersonated company

Quote: Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software:

"We have discovered a persistent threat actor targeting major financial institutions over at least the last two years in the French-speaking African countries. Our suspicion is that this is a financially motivated cybercriminal, but we don’t have conclusive evidence yet. Whoever it is, this threat actor, or group of actors, is highly targeted and persistent in infecting specific victims and right now, we are aware of at least three major financial corporations that operate in these countries that have been affected. Our assessment shows that this actor will continue trying until a weakness is found, or until an employee makes a mistake.

 

Usually when a hacker targets financial institutions directly, their main goal is to secure access to core banking systems such as payment card issuing systems, SWIFT transfers and ATM control systems. Cybercriminals believe that fragile economies in some parts of Africa may be a factor at play with consequent lack of investment in cyber security. But the finance and banking sector is actually one of the most impacted industries worldwide, experiencing 1,144 weekly cyberattacks on average."

 

Cyber Safety Tips:

To better protect against spear-phishing attacks, CPR recommends the following:

  • Keep your systems up to date with the latest security patches
  • Implement multi-factor authentication wherever possible
  • Confirm suspicious email activity before interacting with it
  • Educate your employees and regularly test their knowledge

Appendix:

 

Check Point Software Contacts

Agency Contacts

Audrey Pereira-Loong
E-mail: press@us.checkpoint.com

Mansi Rawat
Phone: 96675 56035
E-mail: mansi.rawat@archetype.co

Ankita Sahani
Phone: 9040494928
E-mail: ankita.sahani@archetype.co
