6 July 2023

Suspected OPERA1ER kingpin detained in Côte d’Ivoire


Interpol announced the arrest of a suspected key member of the OPERA1ER cybercrime ring believed to have stolen millions of dollars from organizations in the financial sector over the past four years.

The suspect, who was not named, was arrested in Côte d’Ivoire in early June as part of an international law enforcement operation called “Operation Nervone.”

Also known as NX$M$, DESKTOP Group, Common Raven, and Bluebottle, the group has been in operation since at least 2018 and is believed to have stolen potentially as much as $30 million in more than 30 attacks across 15 countries in Africa, Asia and Latin America. The group targets financial institutions and mobile banking services with malware, phishing campaigns and business email compromise (BEC) scams.

The group makes extensive use of living-off-the-land techniques, dual-use tools, and commodity malware, Symantec said in its January report detailing the Bluebottle attacks against French-speaking African banks.

According to Interpol, cybercrime is a growing threat in the West Africa region, with some of the prominent cyber threats being business email compromise, phishing, ransomware attacks, banking trojans and stealers, online scams, and cyber extortion.
