A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years.
The disruption of the BEC network is the result of a ten-day investigation dubbed Operation Falcon II, undertaken by Interpol with the participation of the Nigeria Police Force’s Cybercrime Police Unit in December 2021.
Cybersecurity firms Group-IB and Palo Alto Networks’ Unit 42, both of which shared information on the threat actors and their infrastructure, said six of the 11 suspects are believed to be a part of a prolific group of Nigerian cyber actors known as SilverTerrier (aka TMT).
BEC attacks, which began to gain dominance in 2013, are sophisticated scams that target legitimate business email accounts through social engineering schemes to infiltrate corporate networks. The attackers subsequently leverage their access to initiate or redirect the transfer of business funds to attacker-controlled bank accounts for personal gain.
“One of the arrested suspects was in possession of more than 800,000 potential victim domain credentials on his laptop,” Interpol said in a statement. “Another suspect had been monitoring conversations between 16 companies and their clients and diverting funds to ‘SilverTerrier’ whenever company transactions were about to be made.”
SilverTerrier has been linked to 540 distinct clusters of activity to date, with the collective increasingly adopting remote access trojans and malware packaged as Microsoft Office documents to mount their attacks. Unit 42, in a report published in October 2021, said it identified over 170,700 samples of malware directly attributed to Nigerian BEC actors since 2014.