International law enforcement authorities say they’ve arrested nearly a dozen members of a notorious Nigerian cybercrime gang potentially responsible for targeting as many as 50,000 victims in various scams in recent years.
Some of the 11 suspects are thought to be associated with “SilverTerrier,” a syndicate accused of employing a range of malware variants in tens of thousands of financial scams dating back to at least 2014, Interpol said Wednesday.
The announcement comes two months after three members of the same group were arrested following a year-long Interpol-led investigation, called Operation Falcon, into the prolific business email compromise (BEC) scams the group’s members are alleged to have pulled off over the years.
Authorities called this latest roundup Operation Falcon II. The arrests occurred between Dec. 13 and 22, but it’s not clear exactly where. A statement from a senior Nigerian law enforcement official, included in the Interpol release, referenced the arrest of “globally active criminals nationwide, flushing them out no matter where they tried to hide in my country.”
Palo Alto Networks’ threat intelligence arm, Unit 42, assisted with the latest operation. Group-IB, a Singapore-based cybersecurity firm, also aided by providing research on the suspects’ infrastructure, digital traces of activity, and their identities.
Preliminary analysis suggests the 11 suspects’ collective involvement in the scams may be associated with more than 50,000 targets, the Interpol statement said. One of the suspects allegedly had more than 800,000 sets of stolen website credentials on his laptop, the agency reported, while another had been “monitoring conversations” between 16 companies and their clients, “and diverting funds to ‘SilverTerrier’ whenever company transactions were about to be made.”
Analysts with Unit 42 said six of the 11 suspects arrested have ties to SilverTerrier and have “successfully avoided prosecution for the past half decade due to the complexities of mapping global victims beyond the flow of stolen funds back to the source of malicious network activity.”
Unit 42 also noted that rather than targeting “easily identifiable money mules or flashy Instagram influencers,” the operation focused instead on the “technical backbone of BEC operations” and individuals who have the skills and knowledge to build and deploy the malware and domain infrastructure used in the schemes.
BEC remains “one of the most financially damaging online crimes,” according to the FBI. In 2020 the FBI received more than 19,000 BEC and email account compromise complaints, costing victims as much as $1.86 billion. BEC refers to a scam where a company employee authorized to make payments on behalf of the company is tricked into authorizing phony payments or money transfers into accounts controlled by the attacker, via spoofed or legitimate email, or over the phone.