Unit 42 researchers have identified a series of cyberattacks targeting financial organizations in Africa, attributed to a threat actor known as CL-CRI-1014, who appears to gain initial access to these institutions and sell it on the dark web. The attackers utilize a range of open-source tools, employing sophisticated techniques to disguise their operations and evade detection, while focusing on establishing footholds within these networks.