Hackers Repeatedly Targeting Financial Services in French-Speaking African Countries

DangerousSavanna hackers used lookalike domains, impersonating other financial institutions in Africa, such as the Tunisian Foreign Bank and Nedbank.

 

Over the last two years, a persistent cyber-attack campaign targeting major financial institutions in French-speaking African countries has surfaced. Check Point Research (CPR) discovered the campaign and termed it 'DangerousSavanna.' To start infection chains, it used spear phishing techniques. 

The threat actors allegedly sent French-language emails with malicious attachments to employees in Ivory Coast, Morocco, Cameroon, Senegal, and Togo, using a variety of file types to entice victims, including PDF, Word, ZIP, and ISO files. DangerousSavanna hackers also used lookalike domains to impersonate other African financial institutions such as the Tunisian Foreign Bank and Nedbank.

Sergey Shykevich, threat intelligence group manager at CPR, explained, "Our suspicion is that this is a financially motivated cybercriminal, but we don't have conclusive evidence yet. Whoever it is, this threat actor, or group of actors, is highly targeted and persistent in infecting specific victims, and right now, we are aware of at least three major financial corporations that operate in these countries that have been affected."

Furthermore, the cybersecurity expert stated that Check Point's assessment indicates that this actor will continue to try to break into its targeted companies until vulnerabilities are discovered or employees make a mistake.

"Usually, when a hacker targets financial institutions directly, their main goal is to secure access to core banking systems such as payment card issuing systems, SWIFT transfers and ATM control systems," Shykevich added.

In general, the Check Point executive stated that cyber-criminals believe that the fragile economies of some African countries are linked to a lack of cybersecurity investment.

"But the finance and banking sector is actually one of the most impacted industries worldwide, experiencing 1144 weekly cyber-attacks on average," Shykevich explained.

CPR provided companies with advice on preventing spear phishing attacks in an advisory detailing some of DangerousSavanna's recent attacks. These methods include keeping systems up to date, implementing multi-factor authentication (MFA), confirming suspicious email activity before interacting, educating employees, and testing their cybersecurity knowledge on a regular basis.

The DangerousSavanna warning comes just weeks after cybersecurity firm Vade revealed that banks around the world received the majority of phishing attacks in the first half of 2022.