Nigerian Police and Interpol arrest 11 linked to BEC gangs
One seized laptop contained over 800,000 potential victim domain credentials
The Nigerian Police Force (NPF), with the help of Interpol, has arrested 11 individuals in the country for their alleged involvement in business email compromise (BEC) frauds that targeted thousands of companies worldwide.
BEC attacks occur when a criminal poses as a trusted individual within an organisation to reroute funds or access privileged data. They are usually highly targeted, aimed at specific decision-makers or those in authority.
Interpol said the arrests were made by the officers of the NPF Cybercrime Police Unit and Interpol's National Central Bureau (NCB) in Nigeria. Some of those arrested are thought to belong to the BEC gang known as SilverTerrier (aka TMT).
Field activities for the operation - codenamed 'Falcon II' - were preceded by an intelligence sharing and analysis phase, during which NPF worked with law enforcement agencies around the world investigating BEC frauds linked to Nigeria.
Palo Alto Networks' Unit 42 and Group-IB provided leads for the operation, and the raids were conducted between 13th and 22nd December in Lagos and Asaba.
One arrested suspect possessed a laptop containing over 800,000 potential victim domain credentials.
In total, the gang was connected to BEC criminal schemes that targeted over 50,000 organisations worldwide.
One detained individual was found to have been listening in on conversations between 16 firms and their clients, as well as attempting to divert money to SilverTerrier accounts when transactions between them were about to take place.
Interpol also found evidence implicating another individual in multiple BEC crimes across Ghana, Gambia, and Nigeria.
This is the second large Interpol-coordinated operation in Nigeria in recent years targeting BEC perpetrators.
In November 2020 the NPF, on the basis of evidence from Interpol and Group-IB, arrested three members of a TMT group that was thought to have compromised over 500,000 organisations in more than 150 countries.
Interpol's Director of Cybercrime, Craig Jones, said Operation Falcon II sends "a clear message" that there will be serious repercussions for those involved in BEC frauds - especially as the agency continues its onslaught.
He added that Interpol is closing in on cybercrime group like SilverTerrier and gaining a better understanding of how they operate.
The latest operation against BEC operatives comes months after Romanian law enforcement authorities arrested two individuals suspected of carrying out cyber attacks using the Sodinokibi/REvil ransomware.
The arrests, made in November, were part of 'Operation GoldDust', which involved Europol, Eurojust, Interpol and 17 countries.
The suspects are allegedly responsible for 5,000 ransomware infections, and thought to have received nearly €500,000 in ransom payments.
In June, more than 800 people were arrested worldwide in an organised crime sting involving the interception of encrypted communications by law enforcement agencies.
That operation saw law enforcement agencies in 18 countries seizing over $148 million (£108 million) in currency, hundreds of illegal weapons, six tons of cocaine and five tons of marijuana.
And just this week, a joint operation coordinated by Europol led to the closure of a VPN service used by ransomware gangs and purveyors of malware.
Ukrainian police force said that the VPN service was established in Germany, and operated 15 servers in 10 countries.
The servers were taken down in simultaneous action coordinated by Europol and involving police forces in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the USA and the UK.