A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years.
The disruption of the BEC network is the result of a ten-day investigation dubbed Operation Falcon II undertaken by the Interpol along with participation from the Nigeria Police Force’s Cybercrime Police Unit in December 2021.
Cybersecurity firms Group-IB and Palo Alto Networks’ Unit 42, both of which shared information on the threat actors and their infrastructure, said six of the 11 suspects are believed to be a part of a prolific group of Nigerian cyber actors known as SilverTerrier (aka TMT).
BEC attacks, which began to gain dominance in 2013, are sophisticated scams that target legitimate business email accounts through social engineering schemes to infiltrate corporate networks and subsequently leverage their access to initiate or redirect the transfer of business funds to attacker-controlled bank accounts for personal gain.
“One of the arrested suspects was in possession of more than 800,000 potential victim domain credentials on his laptop,” Interpol said in a statement. “Another suspect had been monitoring conversations between 16 companies and their clients and diverting funds to ‘SilverTerrier’ whenever company transactions were about to be made.”
SilverTerrier has been linked to 540 distinct clusters of activity to date, with the collective increasingly adopting remote access trojans and malware packaged as Microsoft Office documents to mount their attacks. Unit 42, in a report published in October 2021, said it identified over 170,700 samples of malware directly attributed to Nigerian BEC actors since 2014.
The latest arrests constitute the second edition of Operation Falcon, the first of which resulted in the apprehension of three alleged members of the SilverTerrier gang in November 2020 for compromising at least 500,000 government and private sector companies in more than 150 countries since 2017.
“BEC remains the most common and most costly threat facing our customers,” Unit 42 researchers said. “Over half a decade, global losses have ballooned from $360 million in 2016 to a staggering $1.8 billion in 2020.”
To mitigate such financial attacks, it’s recommended for organizations to review network security policies, periodically audit mail server configurations, employee mail settings, and conduct employee training to ensure that wire transfer requests are validated using “verified and established points of contact for suppliers, vendors and partners.”