26 May 2022

Interpol arrests suspected leader of Nigerian cybercrime gang involved in BEC attacks


A year-long international investigation has resulted in the arrest of a 37-year-old Nigerian man suspected of being a leader of SilverTerrier, a transnational cybercrime syndicate that launched mass phishing campaigns and BEC (business email compromise) schemes targeting companies and individual users across four continents.

Codenamed “Delilah,” the police operation was coordinated by Interpol in collaboration with Nigerian law enforcement and several cybersecurity firms that provided intelligence allowing investigators to map out and track the suspect's malicious online activities.

Palo Alto Networks' Unit 42, one of the cybersecurity companies that assisted in the investigation, said in a report that the suspect has been active since 2015. The suspect is said to have been involved in the creation of 240 domains, 50 of which were used as command-and-control domains for the ISRStealer, Pony, and LokiBot malware. The researchers noted that he shares social media connections with other BEC scammers arrested in 2021 as part of Operation Falcon II.

The man fled Nigeria in 2021 before police could apprehend him, but was detained in March 2022 when he attempted to enter the country.
