A recent coordinated operation by law enforcement officials has led to the apprehension of 11 alleged members of a Nigerian cybercrime syndicate involved in numerous business email compromise (BEC) attacks. This group’s activities have reportedly targeted over 50,000 victims globally in recent years.
The crackdown, termed Operation Falcon II, stemmed from a comprehensive 10-day investigation conducted in December 2021, led by Interpol with critical contributions from the Nigeria Police Force’s Cybercrime Police Unit. The gathered intelligence highlighted the intricate network these cybercriminals leveraged to facilitate their schemes.
Prominent cybersecurity firms, such as Group-IB and Palo Alto Networks’ Unit 42, provided backing for the operation through detailed analyses of the threat actors and their operational frameworks. Notably, six of the individuals taken into custody have been linked to a notorious group known as SilverTerrier, also referred to as TMT.
BEC operations, which surged in prominence around 2013, employ sophisticated social engineering techniques to gain access to legitimate business email accounts. Once inside a corporate network, attackers use that access to divert funds, transferring them to bank accounts under their control.
According to a statement from Interpol, one suspect's laptop was found to hold over 800,000 domain credentials potentially linked to victims. Another individual was monitoring interactions between 16 businesses and their clients, systematically rerouting funds to the SilverTerrier group just prior to planned transactions.
SilverTerrier’s extensive operations have resulted in the detection of 540 active clusters, with the group increasingly utilizing remote access trojans and malware disguised as Microsoft Office documents in its attacks. A report from Unit 42, released in October 2021, confirmed that over 170,700 instances of malware directly attributed to Nigerian BEC actors have been documented since 2014.
These latest arrests mark the second iteration of Operation Falcon, following an initial operation in November 2020 that resulted in the arrest of three individuals tied to the SilverTerrier gang. This earlier operation found evidence suggesting that at least 500,000 accounts from both private and governmental organizations across more than 150 countries had been compromised since 2017.
Researchers from Unit 42 emphasized the escalating threat level of BEC attacks, noting that global losses attributed to this form of cybercrime skyrocketed from approximately $360 million in 2016 to an astounding $1.8 billion by 2020.
To counteract such financial fraud, it is advisable for organizations to reassess their network security strategies. Regularly auditing mail servers, scrutinizing employee email settings, and training staff to verify wire transfer requests through established contacts can play a crucial role in mitigating risks.
The investigation’s findings and the ongoing threat landscape underscore the importance of vigilance against such sophisticated cyber threats.