Three Nigerian nationals have been arrested in Lagos following a joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation.
The suspects are believed to be members of a wider organized crime group responsible for distributing malware, carrying out phishing campaigns and extensive Business Email Compromise (BEC) scams.
According to a statement issued by INTERPOL on Wednesday, November 25, the suspects are alleged to have developed phishing links, domains, and mass mailing campaigns in which they impersonated representatives of organizations.
“They then used these campaigns to disseminate 26 malware programs, spyware, and remote access tools, including AgentTesla, Loki, Azorult, Spartan, and the nanocore and Remcos Remote Access Trojans. These programs were used to infiltrate and monitor the systems of victim organizations and individuals, before launching scams and siphoning funds. According to Group-IB, the prolific gang is believed to have compromised government and private sector companies in more than 150 countries since 2017,” the statement says.
Phishing email used by the BEC fraudsters (Source: Group-IB)
“Group-IB was also able to establish that the gang is divided into subgroups with a number of individuals still at large. While investigations are still ongoing, some 50,000 targeted victims have been identified so far,”
The year-long investigation, dubbed ‘Operation Falcon, saw INTERPOL’s Cybercrime and Financial Crime units work closely with Group-IB to identify and locate threats, and ultimately, assist the Nigerian Police Force, via the INTERPOL National Central Bureau in Abuja, in taking swift action.
Group-IB’s participation in the operation came under Project Gateway, a framework which enables INTERPOL to cooperate with private partners and receive threat data directly.
Craig Jones, INTERPOL’s Cybercrime Director highlighted the outstanding cooperation between all those involved in the investigation and underlined the importance of public-private relationships in disrupting virtual crimes.
“This group was running a well-established criminal business model. From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits. We look forward to seeing additional results from this operation,” he said.
In a keynote presentation at Group-IB’s CyberCrimeCon 2020 virtual conference, Jones noted that BEC scammers are among the rising pool of threat actors that are retooling their attacks to take advantage of the pandemic.
“Nothing majorly changed in terms of what cybercriminals were doing: They were still doing their phishing campaigns; they were still doing ransomware; they were still doing network intrusions,” Jones added.