Interpol Arrests 3 Nigerian Fraudsters Targeting More Than 500,000 Companies. Interpol arrested three Nigerian citizens suspected of being members of an organized cybercriminal group behind malware distribution, phishing campaigns and extensive BEC (Business Email Compromise) scams in Lagos city on November 24.

Dubbed Operation Falcon, the investigation was conducted jointly by the Singapore-based cybersecurity firm Group-IB and the international police force, together with the Nigerian Police Force, the main law enforcement agency in the country. As the investigation continues to track other suspected gang members and the monetization methods used by the group, nearly 50,000 targeted victims of the criminal plans so far have been identified. Group-IB’s involvement in the year-round operation came as part of Interpol’s Project Gateway, which provides a framework for deals with selected private sector partners and receives threat information directly.

Suspects impersonate organization representatives

“The suspects allegedly developed phishing links, domains, and mass-mailing campaigns, impersonating representatives of the organization,” Interpol said. “Later, they used these campaigns to spread 26 malware programs, spyware and remote access tool, including AgentTesla, Loki, Azorult, Spartan, and nanocore and Remcos Remote Access Trojans.”

In addition to running BEC campaigns and sending emails with malware-linked email attachments, the attacks used it to infiltrate and track the systems of victim organizations and individuals. This led to a settlement of at least 500,000 government and private sector companies by more than one person. 150 countries since 2017. Some of the bulk email phishing campaigns have taken the form of purchase orders, product inquiries, and even COVID-19 assistance impersonating legitimate companies. Operators were using Gammadyne Mailer and Turbo-Mailer to send phishing emails. The group also used MailChimp (an American marketing automation platform and email marketing service) to track whether a recipient opened the message.

Business Models

Group-IB stated that the ultimate goal of the attacks was to steal authentication data from browsers, emails and FTP clients of companies in the US, UK, Singapore, Japan, Nigeria and others. “This group was operating a well-established crime business model,” said Craig Jones, Interpol’s Director of Cybercrime. “From infiltration to cashing, they used multiple tools and techniques to maximize profits.” said.