3 Nigerian BEC scammers arrested for targeting thousands of companies across the globe


Three suspected members of a Nigerian cybercrime group responsible for distributing malware, launching phishing campaigns and running extensive Business Email Compromise (BEC) scams have been arrested in Lagos following a year-long joint investigation dubbed 'Operation Falcon', carried out by Interpol in cooperation with Group-IB and the Nigeria Police Force.

According to Interpol, the gang is believed to have compromised more than 500,000 government and private sector companies in more than 150 countries since 2017. The investigation is still ongoing; Interpol said that about 50,000 targeted victims have been identified so far.

The three suspects, identified by the initials «OC» (32 y.o.), «IO» (34 y.o.), and «OI» (35 y.o.), were allegedly involved in the development of phishing links, domains, and mass mailing campaigns in which they posed as representatives of organizations. In these campaigns the cybercriminals distributed malware, spyware, and RATs, including AgentTesla, Loki, Azorult, Spartan and the Nanocore and Remcos trojans. Using these tools, the crooks compromised and monitored the systems of victim organizations and individuals before launching scams and syphoning funds.

“The analysis of their operations revealed that the gang focuses on mass email phishing campaigns distributing popular malware strains under the guise of purchasing orders, product inquiries, and even COVID-19 aid impersonating legitimate companies,” Group-IB said. “The attackers use Gammadyne Mailer and Turbo-Mailer to send out phishing emails. MailChimp is used to track whether a recipient victim has opened the message.”

The hackers were also observed using previously compromised email accounts to push a new round of phishing attempts, with messages crafted in English, Russian, Spanish, and other languages, depending on the scammers' target list.

“The goal of their attacks is to steal authentication data from browsers, email, and FTP clients. Over the course of their operations, the gang managed to infect organizations around the world, including in the US, the UK, Singapore, Japan, and even back home in Nigeria,” according to Group-IB.

