Check Point research has identified a persistent cyber-attack campaign it calls DangerousSavanna targeting major financial institutions in French-speaking African countries. According to the cybersecurity firm, the campaign has been active for the past two years and focuses on spear phishing techniques to initiate infection chains. The threat actors behind the attacks delivered malicious attachment emails written in French to employees in the Ivory Coast, Morocco, Cameroon, Senegal, and Togo. The attachments were delivered in diverse file types such as PDF, Word, ZIP, and ISO files, according to cybersecurity researchers.

The group also leveraged a common phishing tactic, impersonation, and masqueraded as the Tunisian Foreign Bank and Nedbank to gain the target’s trust and make the emails more believable. Check Point stated that although they do not have conclusive evidence yet, it is likely that the campaign is financially motivated based on the targets and methods chosen. The threat actor will likely continue to attempt to break into targeted campaigns until it identifies weakness or an employee makes a critical mistake.

Read More: ‘DangerousSavanna’ Hackers Targeted Financial Institutions in Africa For Two Years