Nigerian hackers behind extensive BEC scams arrested

Nigerian hackers behind extensive BEC scams arrested

Nigerian hackers behind extensive BEC scams arrested

Three prolific Nigerian hackers have been arrested in Nigeria for carrying out extensive Business Email Compromise scams, phishing campaigns, and malware attacks to compromise government and private sector companies in more than 150 countries since 2017.

The Nigerian hackers were arrested following a joint investigation by Interpol’s Cybercrime Directorate, Group-IB’s APAC Cyber Investigations Team, and the Nigerian Police Force into the use of extensive Business Email Compromise scams and phishing campaigns by organised cyber crime groups to target over 50,000 victims worldwide.

According to Interpol, the criminals set up a large number of phishing links and domains and shared them via mass mailing campaigns to targeted organisations by impersonating representatives of organisations. Via these emails, the criminals also disseminate 26 malware programmes, spyware, remote access tools such as AgentTesla, Loki, Azorult, and Spartan as well as Remote Access Trojans such as Remcos and nanocore.

Once the recipients clicked on the phishing links or visited malicious domains set up by the cyber criminals, the latter used remote access tools, spyware, and remote access trojans to infiltrate and monitor the systems of victim organisations and individuals before launching scams and siphoning funds. Since 2017, the cyber criminals compromised at least 500,000 government and private sector companies in more than 150 countries.

According to security firm Group-IB which supported the investigation dubbed Operation Falcon, the arrested Nigerian hackers are members of a large and organised cyber crime group called TMT, a number of whose prominent members are still at large.

The hackers used Gammadyne Mailer and Turbo-Mailer to send out phishing emails, used MailChimp to track if a recipient opened a message, sent out emails in English, Russian, Spanish, and other languages depending on target lists, and used earlier compromised email accounts to push a new round of phishing attempts.

To avoid detection and tracking by traditional security tools, members of the TMT cyber gang used public crypters, communicated with deployed malware via SMTP, FTP, HTTP protocols, and made extensive use of publicly available Spyware and Remote Access Trojans (RATs), such as AgentTesla, Loky, AzoRult, Pony, NetWire, etc.

“The goal of their attacks is to steal authentication data from browsers, email, and FTP clients. Over the course of their operations, the gang managed to infect organisations around the world, including in the US, the UK, Singapore, Japan, and even back home in Nigeria.

“While the monetisation methods of this gang are still being investigated, it’s not uncommon for cybercriminals to sell account access as well as sensitive data extracted from emails could to the highest bidder in the underground markets,” the firm said.

“This group was running a well-established criminal business model. From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits. We look forward to seeing additional results from this operation,” said Craig Jones, Interpol’s Cybercrime Director.

Image Source: Interpol

ALSO READ: Hacker behind audacious $1 million airplane scam arrested in the US

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]