Three Nigerian nationals have been arrested in Lagos following a joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation.
The suspects are
believed to be members of a wider organized crime group responsible for
distributing malware, carrying out phishing campaigns and extensive Business
Email Compromise (BEC) scams.
According to a
statement issued by INTERPOL on Wednesday, November 25, the suspects are
alleged to have developed phishing links, domains, and mass mailing campaigns
in which they impersonated representatives of organizations.
"They then used
these campaigns to disseminate 26 malware programmes, spyware and remote access
tools, including AgentTesla, Loki, Azorult, Spartan and the nanocore and Remcos
Remote Access Trojans. These programmes were used to infiltrate and monitor the
systems of victim organizations and individuals, before launching scams and
syphoning funds. According to Group-IB, the prolific gang is believed to have
compromised government and private sector companies in more than 150 countries
since 2017," the statement says.
Phishing email used by
the BEC fraudsters (Source: Group-IB)
"Group-IB was
also able to establish that the gang is divided into subgroups with a number of
individuals still at large. While investigations are still ongoing, some 50,000
targeted victims have been identified so far,"
The year-long
investigation, dubbed ‘Operation Falcon, saw INTERPOL’s Cybercrime and
Financial Crime units work closely with Group-IB to identify and locate threats,
and ultimately, assist the Nigerian Police Force, via the INTERPOL National
Central Bureau in Abuja, in taking swift action.
Group-IB’s participation in the operation came under Project Gateway, a framework which enables INTERPOL to cooperate with private partners and receive threat data directly.
Craig Jones,
INTERPOL’s Cybercrime Director highlighted the outstanding cooperation between
all those involved in the investigation and underlined the importance of
public-private relationships in disrupting virtual crimes.
“This group was
running a well-established criminal business model. From infiltration to
cashing in, they used a multitude of tools and techniques to generate maximum
profits. We look forward to seeing additional results from this operation,” he
said.
In a keynote
presentation at Group-IB's CyberCrimeCon 2020 virtual conference, Jones noted
that BEC scammers are among the rising pool of threat actors that are retooling
their attacks to take advantage of the pandemic.
"Nothing majorly
changed in terms of what cybercriminals were doing: They were still doing their
phishing campaigns; they were still doing ransomware; they were still doing
network intrusions," Jones added.
0 Comments