SYMBOLCOMMON_NAMEaka. SYNONYMS

Common Raven  (Back to overview)

aka: OPERA1ER, NXSMS, DESKTOP-GROUP

Threat actor Common Raven has been actively targeting financial sector institutions, compromising their SWIFT payment infrastructure to send out fraudulent payments.


Associated Families

There are currently no families associated with this actor.


References
2022-11-03Group-IBRustam Mirkasymov
@online{mirkasymov:20221103:financially:cd6ff5b, author = {Rustam Mirkasymov}, title = {{Financially motivated, dangerously activated: OPERA1ER APT in Africa}}, date = {2022-11-03}, organization = {Group-IB}, url = {https://blog.group-ib.com/opera1er-apt}, language = {English}, urldate = {2023-01-19} } Financially motivated, dangerously activated: OPERA1ER APT in Africa
Cobalt Strike Common Raven
2021SWIFTSWIFT
@online{swift:2021:swift:6631e98, author = {SWIFT}, title = {{SWIFT Report on COMMON Raven}}, date = {2021}, organization = {SWIFT}, url = {https://www2.swift.com/isac/report/10118}, language = {English}, urldate = {2021-10-05} } SWIFT Report on COMMON Raven
Common Raven
2020-11-19Rewterz Information SecurityRewterz Information Security
@online{security:20201119:rewterz:fe38c29, author = {Rewterz Information Security}, title = {{Rewterz Threat Alert – Common Raven – IOCs}}, date = {2020-11-19}, organization = {Rewterz Information Security}, url = {https://www.rewterz.com/rewterz-news/rewterz-threat-alert-common-raven-iocs}, language = {English}, urldate = {2021-10-05} } Rewterz Threat Alert – Common Raven – IOCs
BatchWiper Common Raven

Credits: MISP Project