Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Operation Delilah: Group-IB helps INTERPOL nab suspected leader of transnational phishing ring

Media Center Press Releases
May 25, 2022 · 4 min to read
Africa
Dmitry Volkov
INTERPOL
Investigation

Group-IB, one of the global leaders in cybersecurity, has assisted in the INTERPOL-coordinated investigation aimed at disrupting a transnational phishing syndicate, dubbed TMT by Group-IB (aka SilverTerrier). As part of operation Delilah spanning four continents, Group-IB provided threat intelligence that led to the identification of the alleged head of a cybercrime syndicate that launched mass phishing campaigns and business email compromise (BEC) schemes targeting thousands of companies and individual victims. The arrest of a 37-year-old Nigerian man by the Nigeria Police Force marked the culmination of the year-long international operation coordinated and facilitated by the INTERPOL’s cybercrime directorate and supported by Group-IB, Palo Alto Networks, and Trend Micro.

Who are TMT?

Delilah is the third in a series of law-enforcement actions aimed at identification and arrest of the suspected members of TMT (aka SilverTerrier), a prolific BEC and phishing syndicate. Delilah was preceded by INTERPOL-led Falcon I and Falcon II, carried out in 2020 and 2021 with the support of Group-IB’s Cyber Investigations Team. The two previous operations resulted in the arrest of 14 alleged members of the syndicate.

Group-IB has been tracking TMT since 2019. By 2020, TMT was through to have compromised more than 500,000 companies in more than 150 countries. According to INTERPOL, one of the suspects arrested during Falcon II in Nigeria was in possession of more than 800,000 potential victim domain credentials on his laptop.

Tracking the suspect’s movements, online and offline

In May 2021, the police operation, codenamed Delilah, was initiated by an intelligence referral from Group-IB, Palo Alto Networks Unit 42, and Trend Micro. The intelligence was then enriched by analysts within INTERPOL’s Cyber Fusion Centre. INTERPOL’s African Joint Operation against Cybercrime (AFJOC) then referred the intelligence to Nigeria and followed up with multiple case coordination meetings supported by law enforcement in Australia, Canada and the United States.

Investigators began to map out and track the alleged malicious online activities of the suspect, thanks to ad hoc support from private sector firm CyberTOOLBELT, as well as tracking his physical movements as he travelled from one country to another. Nigerian law enforcement successfully apprehended the suspect at Murtala Muhammed International Airport in Lagos.

Photo of the suspect. Source: INTERPOL

The arrest of this alleged prominent cybercriminal in Nigeria is testament to the perseverance of our international coalition of law enforcement and INTERPOL’s private sector partners in combating cybercrime. I hope the results of Operation Delilah will stand as a reminder to cybercriminals across the world that law enforcement will continue to pursue them, and that this arrest will bring comfort to victims of the suspect’s alleged campaigns.

Garba Baba Umar

Assistant Inspector General of the Nigeria Police Force, Head of Nigeria’s INTERPOL National Central Bureau and Vice President for Africa on INTERPOL’s Executive Committee

This case underlines both the global nature of cybercrime and the commitment required to deliver a successful arrest though a global to regional operational approach in combatting cybercrime. The persistence of national law enforcement agencies, private sector partners and the INTERPOL teams all contributed to this result, analysing vast quantities of data, and providing technical and live operational support. Cybercrime is a threat that none of our 195 member countries face alone.

Bernardo Pillot

INTERPOL’s Assistant Director, Cybercrime Operations

The Delilah operation clearly demonstrates how effective cybersecurity can be when all parties are involved and motivated to protect people and companies. We are proud to have leveraged our expertise in order to support another great effort aimed at disrupting cybercrime. Prompt threat intelligence sharing, private-public partnership, and effective multi-party coordination by INTERPOL’s Cybercrime Directorate were crucial to the success of the operation. We’ll continue our work to minimize the impact of cybercrime in line with Group-IB’s mission of fighting cybercrime and protecting our customers all around the world.

Dmitry Volkov
Dmitry Volkov

Group-IB CEO Group-IB

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, The most complete Fraud Protection, AI-powered Digital Risk Protection, Multi-layered protection with Managed Extended Detection and Response (XDR), All-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Read next
Top Women in Security ASEAN Awards 2025
November 13, 2025
Group-IB’s High-Tech Crime Investigations team triumphs at Top Women in Security ASEAN Awards 2025
October 21, 2025
Group-IB launches Asia-Pacific’s first Cyber Fusion Center in Singapore
October 9, 2025
Group-IB Intelligence Powers Spanish Guardia Civil Operation to Dismantle the “GXC Team” Cybercrime Syndicate
September 30, 2025
Group-IB and Cyber Samurai join forces to enhance cyber resilience in the DACH region
September 26, 2025
Group-IB supports INTERPOL’s “Operation Contender 3.0”, leading to the arrest of 260 suspects in Africa
September 25, 2025
Group-IB Unites Partners to Strengthen Turkey’s Cybersecurity Landscape
Go to all Press Releases →