Nigerian police have arrested three suspects in Lagos believed to be members of a major organized crime group responsible for phishing and malware campaigns, and business email compromise (BEC) scams, following a joint investigation with Interpol and cybersecurity company Group-IB.
The gang allegedly developed phishing links, domains, and mass mailing campaigns in which they posed as members of various legitimate organizations with lures including purchase orders, product inquiries, and COVID-19 help.
They compromised their victims with a wide variety of malware, remote access trojans (Rats), and spyware, among them AgentTesla, Loki, Azorult, Spartan, nanocore, and Remcos, which were used to launch further scams and siphon funds.
Interpol cyber crime director Craig Jones said:
“This group was running a well-established criminal business model.
From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits.
We look forward to seeing additional results from this operation.”
The year-long investigation – dubbed Operation Falcon – took place under the auspices of Project Gateway, a framework initiative run by Interpol to gather threat intelligence from the private sector.
During the course of the probe, Interpol’s Cybercrime and Financial Crime unit worked alongside Group-IB to identify and locate the suspects, and eventually assist the Nigeria Police Force, via its National Central Bureau in the nation’s capital, Abuja, in taking them into custody.
“This cross-border operation once again showed that only effective collaboration between private sector cybersecurity companies and international law enforcement can bring evildoers to justice,” added Group-IB’s APAC cyber investigations team head, Vesta Mateeva.
“It allows overcoming regulatory differences across countries that impede threat intelligence data exchange. While further investigation is underway, we are proud of what we’ve been able to achieve thanks to coordinated efforts by Interpol with the support of Nigerian cyber police,” she said.
Group-IB said the men may have successfully compromised both public and private sector companies in over 150 companies in the space of just three years.
It has identified 500,000 targeted victims to date, located in Japan, Nigeria, Singapore, the UK, and the US.
The investigation also established that the gang which Group-IB refers to as TMT, was divided into several subgroups, and as a result, several individuals are thought to still be at large.
The firm said that the gang’s monetization efforts were still being investigated, but cautioned that it was not uncommon for cybercriminals to sell account access, alongside any sensitive data they may have been able to exfiltrate from their victims, on underground dark web forums.
Olalekan Ajimoti – Blogger, Content Writer, and Digital Marketer helping brands and retailers build 8-figure e-commerce since 2016.
As a corporate trainer, brand communications expert, and brand consultant, I help people start, stay and grow in business leveraging digital skills and traditional expertise.
