Over the past two years, a sustained DangerousSavanna hackers targeting important financial institutions in French-speaking African countries has been active.
Check Level Analysis (CPR) discovered the campaign, which it named DangerousSavanna. In order to start an infection chain, it used spear phishing techniques.
The threat actors allegedly used a variety of file types, including PDF, Phrase, ZIP, and ISO data, to tempt victims by sending damaging attachment emails in French to employees in the Ivory Coastline, Morocco, Cameroon, Senegal, and Togo.
Additionally, DangerousSavanna hackers used clone sites to impersonate other financial institutions in Africa, including the Tunisian Overseas Lender and Nedbank.
Sergey Shykevich, the threat intelligence group supervisor at CPR, said, our suspicion is a financially motivated cyber-criminal. But there is no clear evidence still.
“Whoever it is, this threat actor, or set of actors, is incredibly targeted and persistent in infecting specific victims. At this time, at least 3 significant money-related businesses operating in these nations have been affected.
The cybersecurity expert said looking at Point’s analysis shows that the DangerousSavanna hackers keep trying to break into targeted firms until flaws are found or staff members make a mistake.
The Matter
According to Shykevich, often, when a hacker explicitly targets financial institutions, their major objective is to safeguard admission to essential banking techniques. The payment card issuing devices, SWIFT transfers, and ATM regulate procedures.
The Examine Position CEO said cybercriminals think that the weak economics of some African nations would lack investment in cybersecurity.
But the finance and the banking sector is the most affected businesses around the world with 1144 weekly cyber-attacks.
CPR provided providers with guidance on avoiding spear phishing attacks in the report describing some of DangerousSavanna’s most recent attacks. These methods include keeping equipment current, establishing multi-factor authentication (MFA), and verifying suspected email activity. Before interacting, educating personnel, and routinely testing their grasp of cybersecurity.
The DangerousSavanna warning comes just weeks after cybersecurity company Vade discovered financial institutions globally were the target of the majority of phishing assaults during the first half of 2022.