The suspected top member of the cybercrime group OPERA1ER has been arrested for playing a part in the group stealing up to an estimated $30 million in a variety of scams against financial and telecommunications organizations — including malware, phishing, and business email compromise (BEC).

The group, which also operates under aliases BlueBottle, NX$M$, DESKTOP Group, and Common Raven, is allegedly behind 30 attacks across 15 countries in Africa, Asia, and Latin America, according to Interpol.

Interpol announced that the investigation, code named “Operation Nervone,” followed a detailed overview of the group’s activities published in November 2022 by Group-IB and Orange S.A. The arrest of the individual, who was not named, entailed extensive cooperation between Interpol, AFRIPOL, Group-IB and Côte d’Ivoire’s Direction de l’Information et des Traces Technologiques (DITT), the agency said.

“We have been tracking OPERA1ER since 2019,” Dmitry Volkov, CEO at Group-IB, said in a statement provided to Dark Reading. “The success of Operation Nervone exemplifies the importance of threat data exchange, and thanks to our collaboration with Interpol, Orange-CERT-CC, and private and public sector partners, we were collectively able to piece together the whole puzzle.”