SilverTerrier BEC Group Members Arrested in Nigeria
INTERPOL has announced the results of an international operation, Falcon II, during which 11 online fraudsters were arrested in Nigeria. Among those detained were several members of the SilverTerrier (also known as TMT) BEC group, which has been active since 2019.
What Are BEC Attacks?
BEC (Business Email Compromise) attacks involve cybercriminals initiating correspondence with a company employee to gain their trust and convince them to take actions that harm the company or its clients. These attacks often use hacked employee accounts or email addresses that closely resemble official company addresses, differing by just a few characters.
Details of Operation Falcon II
The operation was carried out through the combined efforts of INTERPOL’s Global Financial Crime Task Force, Nigerian law enforcement agencies, and several private cybersecurity companies, including Group-IB and Palo Alto Networks.
According to Group-IB experts, this operation was a continuation of the earlier Falcon I operation, conducted by INTERPOL, Group-IB, and Nigerian police in November 2020. At that time, three suspects believed to be linked to the TMT group were arrested. This group is suspected of compromising 500,000 email addresses belonging to government and private organizations worldwide. The investigation continued, as some cybercriminals identified by Group-IB remained at large.
International Collaboration and Investigation
Group-IB experts in Singapore made a significant contribution to both operations by sharing information about SilverTerrier members, identifying the group’s infrastructure, collecting digital evidence of the crimes, and providing data to help identify the suspects.
Operation Falcon II lasted 10 days (from December 13 to 22). To apprehend the suspects, the Nigerian police sent 10 officers from their headquarters in Abuja to the cities of Lagos and Asaba.
Findings and Impact
According to INTERPOL’s press release, forensic analysis of data extracted from the suspects’ phones and computers revealed that the 11 individuals were connected to attacks on more than 50,000 targets.
- One of the arrested individuals had over 800,000 sets of potential victim credentials stored on his laptop.
- Another suspect was monitoring communications between 16 companies and their clients, redirecting all their financial transfers to accounts controlled by the SilverTerrier group.
- A third hacker participated in email compromise campaigns targeting organizations in West Africa, including Nigeria, Gambia, and Ghana.
These arrests mark a significant step in the fight against cybercrime and demonstrate the effectiveness of international cooperation in tackling BEC attacks.