Business email compromise cybercrime group members busted

Three members of a prominent cybercrime group known for business email compromise attacks have been taken into custody, according to a press release from INTERPOL. The alleged criminals, all Nigerian nationals, were caught as a part of a year-long investigation called Operation Falcon. Operation Falcon was a joint effort between INTERPOL, Group-IB, and Nigeria Police Force’s cybercrime division. The local INTERPOL National Central Bureau in Abuja coordinated the arrest operation. Business email compromise attacks have been on the rise, taking a heavy financial toll on companies that have been victimized.

The offenses that the three alleged criminals committed began in 2017, according to data from Group-IB. The group to which the Nigerian nationals belong carried out business email compromise (BEC) attacks using “phishing links, domains, and mass mailing campaigns in which they impersonated representatives of organizations.” The trio attacked targets in roughly 150 countries and unleashed an estimated 26 different types of malware and spyware, including “AgentTesla, Loki, Azorult, Spartan, and the nanocore and Remcos Remote Access Trojans.”

According to the press release, INTERPOL believes that this has dealt a major blow to the group, but the work is far from over. Craig Jones, INTERPOL’s cybercrime director, stated the following about Operation Falcon:

“This group was running a well-established criminal business model. From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits. We look forward to seeing additional results from this operation.”

As one may guess from the wording in the statement, Operation Falcon is ongoing. It will likely continue until all members of the group responsible for the numerous BEC attacks are in custody. The group’s numbers are unknown, but to attack private companies in 150 countries, it must have a decent-sized membership. Another part of Operation Falcon is identifying the exact targets that fell victim to the BEC attacks. As of now, roughly 50,000 victims have been identified.

Any further pressing updates on this case will be reported as they develop.


Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
