A year-long international investigation has resulted in the arrest of a 37-year-old Nigerian man suspected to be a leader of a transnational cybercrime syndicate known as SilverTerrier that launched mass phishing campaigns and BEC (business email compromise) schemes targeting companies and individual users across four continents.

Codenamed “Delilah,” the police operation was coordinated by Interpol in collaboration with the Nigerian law enforcement and several cybersecurity firms who provided intelligence that allowed investigators to map out and track malicious online activities of the suspect.

Palo Alto Networks' Unit 42, one of the cybersecurity companies that assisted in the investigation, said in a report that the suspect has been active since 2015. The suspect is said to have been involved in the creation of 240 domains, 50 of which were used as command-and-control domains for the ISRStealer, Pony, and LokiBot malware. The researchers noted that he shares social media connections with other BEC scammers arrested in 2021 as part of Operation Falcon II.

The man fled Nigeria in 2021 before he was apprehended by the police, but was detained in March 2022, when he attempted to enter the country.