Three members of a prominent cybercrime group known for business email compromise attacks have been taken into custody, according to a press release from INTERPOL. The alleged criminals, all Nigerian nationals, were caught as a part of a year-long investigation called Operation Falcon. Operation Falcon was a joint effort between INTERPOL, Group-IB, and Nigeria Police Force’s cybercrime division. The local INTERPOL National Central Bureau in Abuja coordinated the arrest operation. Business email compromise attacks have been on the rise, taking a heavy financial toll on companies that have been victimized.
The offenses that the three alleged criminals committed began in 2017, according to data from Group-IB. To carry out its business email compromise (BEC) attacks, the group to which the Nigerian nationals belong used “phishing links, domains, and mass mailing campaigns in which they impersonated representatives of organizations.” The trio attacked targets in roughly 150 countries and unleashed an estimated 26 different types of malware and spyware, including “AgentTesla, Loki, Azorult, Spartan, and the nanocore and Remcos Remote Access Trojans.”
According to the press release, INTERPOL believes that this has dealt a major blow to the group, but the work is far from over. Craig Jones, INTERPOL’s cybercrime director, stated the following about Operation Falcon:
“This group was running a well-established criminal business model. From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits. We look forward to seeing additional results from this operation.”
As one may guess from the wording in the statement, Operation Falcon is ongoing. It will likely continue until all members of the group responsible for the numerous BEC attacks are in custody. The size of the group is unknown, but to attack private companies in 150 countries, its total membership must be sizable. Another part of Operation Falcon is identifying the exact targets that fell victim to the BEC attacks. As of now, roughly 50,000 victims have been identified.
Any further pressing updates on this case will be reported as they develop.