26 November 2020

3 Nigerian BEC scammers arrested for targeting thousands of companies across the globe



Three suspected members of a Nigerian cybercrime group responsible for distributing malware, launching phishing campaigns and running extensive Business Email Compromise (BEC) scams have been arrested in Lagos following a year-long joint investigation dubbed 'Operation Falcon', carried out by Interpol in cooperation with Group-IB and the Nigeria Police Force.

According to Interpol, the gang is believed to have compromised more than 500,000 government and private sector companies in more than 150 countries since 2017. The investigation is still ongoing; Interpol said that about 50,000 targeted victims have been identified so far.

The three suspects, identified by the initials «OC» (32 y.o.), «IO» (34 y.o.), and «OI» (35 y.o.), were allegedly involved in the development of phishing links, domains, and mass mailing campaigns in which they posed as representatives of organizations. In these campaigns the cybercriminals distributed malware, spyware, and RATs, including AgentTesla, Loki, Azorult, Spartan and the Nanocore and Remcos trojans. Using these tools, the crooks compromised and monitored the systems of victim organizations and individuals before launching scams and syphoning funds.

“The analysis of their operations revealed that the gang focuses on mass email phishing campaigns distributing popular malware strains under the guise of purchasing orders, product inquiries, and even COVID-19 aid impersonating legitimate companies,” Group-IB said. “The attackers use Gammadyne Mailer and Turbo-Mailer to send out phishing emails. MailChimp is used to track whether a recipient victim has opened the message.”

The hackers were also observed using previously compromised email accounts to push new rounds of phishing attempts, with messages crafted in English, Russian, Spanish, and other languages, depending on the scammers' target list.

“The goal of their attacks is to steal authentication data from browsers, email, and FTP clients. Over the course of their operations, the gang managed to infect organizations around the world, including in the US, the UK, Singapore, Japan, and even back home in Nigeria,” according to Group-IB.

