Bluebottle Group Continues Attacks on Banks in Francophone Africa

Threat Level
Attack Report

Summary

Bluebottle is a cybercrime group that has been targeting banks in French-speaking countries in Africa. The group relies on a variety of tactics, including living-off-the-land techniques, dual-use tools, and commodity malware, and uses no custom malware. It has been active since at least mid-2019 and has stolen at least $11 million over the course of 30 targeted attacks.