Interpol and Nigerian police bust cybercrime BEC ring

Palo Alto Networks Unit 42 and Group-IB helped law enforcement officials disrupt the ring, which was in possession of more than 800,000 potential victim domain credentials.
Written by Jonathan Greig, Contributor

Interpol and the Nigerian Police Force (NPF) arrested 11 people allegedly involved in a "prolific" cybercrime ring known for running Business Email Compromise (BEC) scams that targeted thousands of companies around the world. 

In a statement, the law enforcement agencies said the NPF and Interpol's National Central Bureau in Nigeria coordinated to conduct the raids in Lagos and Asaba between December 13 to December 22. Some of those arrested are allegedly members of a cybercrime network called 'SilverTerrier.'

After the raids, police found one suspect with a laptop containing more than 800,000 potential victim domain credentials, and in total, the group was connected to BEC criminal schemes targeting more than 50,000 organizations. 

According to Interpol, one suspect was spying on conversations between 16 different companies and their clients, planning to divert funds when transactions were about to be made eventually. Interpol found other evidence implicating another person in a range of BEC crimes across Gambia, Ghana and Nigeria.

More than six countries were involved in the effort, according to Interpol. Assistant Inspector General of Police Garba Baba Umar, head of NCB Abuja and Interpol Vice President for Africa, said Interpol's alerts and technology helped them break up the cybercrime ring. 

"The outstanding results of Operation Falcon II have served to disrupt this dangerous cyber gang and protect Nigerian citizens from further attack. I encourage fellow African countries to also work with Interpol in ridding our continent of cybercrime to make the cyber world a safer place," Umar said. 

Craig Jones, Interpol director of cybercrime, said the investigation into SilverTerrier has helped them build a "very clear picture of how such groups function and corrupt for financial gain."

"Thanks to Operation Falcon II, we know where and whom to target next," Jones said. 

Palo Alto Networks' Unit 42 and Group-IB's APAC Cyber Investigations Team assisted Interpol and the NPF in the investigation, providing detailed examinations of the group's activities. 

Palo Alto Networks released a blog about the investigation with information about some members of SilverTerrier. They noted that global losses from BEC scams grew to $1.8 billion in 2020, according to FBI statistics

"This recent operation was novel in its approach in that it didn't target the easily identifiable money mules or flashy Instagram influencers who are typically seen benefiting from these schemes. Instead, it focused predominantly on the technical backbone of BEC operations by targeting the actors who possess the skills and knowledge to build and deploy the malware and domain infrastructure used in these schemes," Palo Alto Networks explained. 

The company named six of those involved in SilverTerrier, tying each to a range of different BEC scams and malware used during attacks like LokiBot, PredatorPain, ISRStealer, Pony, NanoCore, AzoRult, ISpySoftware, Agent Tesla and Keybase. Many of those identified had thousands of domains registered to their names or aliases, supporting other BEC actors. 

A number of those involved had been working on BEC scams since 2014 or 2015.

Editorial standards