Interpol announced the international operation Falcon II, during which 11 Internet scammers were detained, including several members of the SilverTerrier BEC group (aka TMT), which has existed since 2019.
The term BEC (Business Email Compromise) refers to attacks in which the attackers start a correspondence with a company employee in order to gain their trust and convince them to perform actions that harm the interests of the company or its customers. To do this, the attackers use hacked employee accounts or addresses that are visually similar to the company's official addresses but differ by a few characters.
The operation was carried out jointly by the Interpol Global Financial Crime Task Force and law enforcement agencies in Nigeria, with the participation of a number of private information security companies, including Group-IB and Palo Alto Networks.
Experts say that the operation was a continuation of the earlier Falcon I, carried out by Interpol and the Nigerian police in November 2020.
The investigation continued, and some of the cybercriminals identified by information security specialists remained at large at that time.
Experts at Palo Alto Networks in Singapore reportedly made significant contributions to both operations by sharing information about members of the SilverTerrier group, identifying the attackers’ infrastructure, collecting digital evidence of crimes committed and data confirming their identities.
The Falcon II operation lasted 10 days (from December 13 to 22), and to apprehend the criminals, the Nigerian police sent 10 of their employees from the headquarters located in the capital of the country, Abuja, to the cities of Lagos and Asaba.
An Interpol press release highlights that after forensic analysis of data extracted from suspects’ phones and computers seized during searches, 11 people were found to be linked to attacks on more than 50,000 targets.
For example, one of the detainees had more than 800,000 credentials of potential victims stored on a laptop. Another arrested person monitored communications between 16 companies and their clients and redirected all their money transfers to accounts belonging to the SilverTerrier group. Another hacker was involved in email compromise campaigns against organizations in West Africa, including those in Nigeria, the Gambia and Ghana.
Let me remind you that we also reported that Russian authorities say members of the REvil hack group were arrested at the US request, and that Ukrainian Cyber Police captured another group of ransomware distributors.