11 members of a Nigerian cybercrime gang known for perpetrating business email compromise (BEC) have been apprehended in a coordinated law enforcement operation.
This comes after a ten-day investigation dubbed Operation Falcon II, undertaken by Interpol with the participation of the Nigeria Police Force’s Cybercrime Police Unit in December 2021.
Group-IB and Palo Alto Networks, two cybersecurity firms that both shared information on the threat actors and their infrastructure, said six of the 11 suspects are believed to be part of a prolific group of Nigerian cyber actors known as SilverTerrier (aka TMT).
BEC attacks are sophisticated scams that target legitimate business email accounts through social engineering schemes. The attackers infiltrate corporate networks and use that access to initiate or redirect the transfer of business funds to attacker-controlled bank accounts for personal gain.
“One of the arrested suspects was in possession of more than 800,000 potential victim domain credentials on his laptop,” Interpol said in a statement. “Another suspect had been monitoring conversations between 16 companies and their clients and diverting funds to ‘SilverTerrier’ whenever company transactions were about to be made.”
SilverTerrier has been linked to 540 distinct clusters of activity to date, with the collective increasingly adopting remote access trojans and malware packaged as Microsoft Office documents to mount their attacks. Unit 42, in a report published in October 2021, said it identified over 170,700 samples of malware directly attributed to Nigerian BEC actors since 2014.
The arrests are the result of the second edition of Operation Falcon, the first of which resulted in the arrest of three alleged members of the SilverTerrier gang in November 2020 for compromising at least 500,000 government and private sector companies in more than 150 countries since 2017.
Unit 42 researchers have stated that “BEC remains the most common and most costly threat facing our customers. Over half a decade, global losses have ballooned from $360 million in 2016 to a staggering $1.8 billion in 2020.”
Organisations are advised to review network security policies, audit mail server configurations and employee mail settings, and conduct employee training to ensure that wire transfer requests are validated using verified and established points of contact for suppliers, vendors and partners.