A persistent cyber–attack campaign has emerged targeting major financial institutions in French–speaking African countries and has been active over the last two years.
The campaign was discovered by Check Point Research (CPR) and dubbed ‘DangerousSavanna.’ It relied on spear phishing techniques to initiate infection chains.
The threat actors reportedly sent malicious attachment emails in French to employees in Ivory Coast, Morocco, Cameroon, Senegal and Togo utilizing diverse file types, including PDF, Word, ZIP and ISO files, to lure victims.
Further, DangerousSavanna hackers used lookalike domains, impersonating other financial institutions in Africa, such as the Tunisian Foreign Bank and Nedbank.
In the advisory detailing some of DangerousSavanna’s recent attacks, CPR provided companies with advice on preventing spear phishing attacks. These techniques include keeping systems up to date, implementing multi-factor authentication (MFA), confirming suspicious email activity before interacting, educating employees and regularly testing their cybersecurity knowledge
