[German]Interpol and the Nigerian Police Force (NPF) have arrested eleven Nigerian business email compromise (BEC) actors in a joint operation. Many of the suspects are said to be members of "SilverTerrier." This is a network known for Business Email Compromise scams that have harmed thousands of businesses worldwide. These arrests were also possible thanks to information and resources from Palo Alto Networks Unit 42.
Advertising
Business email compromise remains the most common and costly threat to businesses. In the Internet Crime Complaint Center's (IC3) 2020 report, this threat topped the list for the fifth consecutive year. In half a decade, global losses have increased from $360 million in 2016 to a staggering $1.8 billion in 2020.
As part of Operation Falcon II, 11 Nigerian cyber fraudsters were arrested by police there. Among them are members of the cybercrime group SilverTerrier. The arrests took place between December 13 and 22, 2021, as part of Operation Falcon II. In addition to a corresponding press release from Palo Alto Networks, I also became aware of the issue via the following tweet.
This operation leveraged information and resources from multiple industry partners, along with law enforcement agencies from more than six countries, to trace global victims to a core group of actors who have historically operated outside the jurisdiction of foreign law enforcement agencies.
Authorities said the suspects were involved in business email compromise (BEC), a type of cybercrime in which hackers use phishing emails or hacked email accounts to trick companies or government entities into making payments to fake bank accounts.
Advertising
After a forensic analysis of data from phones and computers seized during home raids, Interpol said the 11 suspects were linked to attacks on more than 50,000 targets. "One of the arrested suspects was in possession of more than 800,000 potential victim domain credentials on his laptop," Interpol said.
Another suspect had penetrated accounts and monitored conversations within 16 companies and their customers. He was observed diverting funds to accounts linked to SilverTerrier, a known cybercrime group that runs BEC scams. A third suspect was linked to BEC attacks in numerous West African countries, including Gambia, Ghana, and Nigeria.
This operation was novel in that it did not target the easily identifiable money couriers or flashy Instagram influencers who typically profit from these schemes. Instead, it focused primarily on the technical backbone of BEC operations. To do so, it targeted the actors with the skills and knowledge to develop and deploy the malware and domain infrastructure used in these scams.
Six of the eleven individuals arrested are SilverTerrier (Nigerian malware) actors who have successfully evaded prosecution over the past decade. This is because it is difficult to trace global victims beyond the flow of stolen funds to the source of malicious network activity. Details of the entire operation or evaluation by Palo Alto Networks can be found in this blog post.
