Three suspected members of a Nigerian cybercrime group responsible for distributing malware, launching phishing campaigns and running extensive Business Email Compromise (BEC) scams have been arrested in Lagos following a year-long joint investigation dubbed 'Operation Falcon', carried out by Interpol in cooperation with Group-IB and the Nigeria Police Force.
According to Interpol, the gang is believed to have compromised more than 500,000 government and private sector companies in more than 150 countries since 2017. The investigation is still ongoing; Interpol said that about 50,000 targeted victims have been identified so far.
The three suspects, with the initials «OC» (32 y.o.), «IO» (34 y.o.), and «OI» (35 y.o.), were allegedly involved in the development of phishing links, domains, and mass mailing campaigns in which they posed as representatives of organizations. In these campaigns the cybercriminals distributed malware, spyware, and RATs, including AgentTesla, Loki, Azorult, Spartan and the Nanocore and Remcos trojans. Using these tools, the crooks compromised and monitored the systems of victim organizations and individuals before launching scams and syphoning funds.
“The analysis of their operations revealed that the gang focuses on mass email phishing campaigns distributing popular malware strains under the guise of purchasing orders, product inquiries, and even COVID-19 aid impersonating legitimate companies,” Group-IB said. “The attackers use Gammadyne Mailer and Turbo-Mailer to send out phishing emails. MailChimp is used to track whether a recipient victim has opened the message.”
The hackers were also observed using previously compromised email accounts to push new rounds of phishing attempts, with messages crafted in English, Russian, Spanish, and other languages, depending on the scammers' target list.
“The goal of their attacks is to steal authentication data from browsers, email, and FTP clients. Over the course of their operations, the gang managed to infect organizations around the world, including in the US, the UK, Singapore, Japan, and even back home in Nigeria,” according to Group-IB.