Group-IB, one of the global cybersecurity leaders, whose mission lies in fighting against cybercrime, has supported the INTERPOL-led cooperative effort involving the INTERPOL Global Financial Crime Task Force, Nigerian law enforcement agencies, a range of INTERPOL expert teams and its private partners. As a result of the 10-day Operation Falcon II, 11 alleged members of a prolific cybercrime network known for Business Email Compromise (BEC) were arrested. Many of the suspects are thought to belong to the BEC gang dubbed TMT by Group-IB (aka SilverTerrier) and tracked since 2019.
The current operation is the second edition of Operation Falcon, a joint action by INTERPOL, Group-IB and the Nigeria Police Force held in November 2020, which resulted in the apprehension of three alleged members of the TMT gang, which is thought to have compromised 500,000 government and private sector companies by that time. The investigation then continued, as some of the cybercriminals identified by Group-IB still remained at large.
Group-IB’s APAC Cyber Investigations Team has contributed to the current operation by sharing information on the threat actors, having identified the attackers’ infrastructure, collected their digital traces and assembled data on their identities. Group-IB has also expanded the investigation’s evidence base by reverse engineering the samples of malware used by the cybercriminals and conducting the digital forensics analysis of the files contained on the devices seized from the suspects.
Five years ago, we embarked on our cooperation with INTERPOL with a data-sharing agreement signing, which since then has yielded numerous successful operations. INTERPOL has been our reliable partner, whose efforts helped put behind bars a good many of the threat actors that attempted to target our customers and other organizations. We will continue to boost this cross-border and cross-sector data sharing for the sake of a safer cyberspace.
Group-IB CEO
INTERPOL’s press release
The Nigerian Police Force (NPF) has arrested 11 alleged members of a prolific cybercrime network as part of a national police operation coordinated with INTERPOL.
Pic. 1 Photograph courtesy of INTERPOL
Arrested by officers of the NPF Cybercrime Police Unit and INTERPOL’s National Central Bureau (NCB) in Nigeria, many of the suspects are thought to be members of ‘SilverTerrier’, a network known for Business Email Compromise (BEC) scams which have harmed thousands of companies globally.
The ten-day Operation Falcon II (13-22 December) saw 10 NPF officers deployed from the Abuja headquarters to Lagos and Asaba to arrest target suspects identified ahead of time with intelligence provided by INTERPOL.
Field operations were preceded by an intelligence exchange and analysis phase, where Nigeria used INTERPOL’s secure global police communications network, I-24/7, to work with police forces across the world also investigating BEC scams linked to Nigeria.
The INTERPOL General Secretariat supported field operations 24/7, forensically extracting and analyzing data contained in the laptops and mobile phones seized by NPF during the arrests.
This preliminary analysis indicates that the suspects’ collective involvement in BEC criminal schemes may be associated with more than 50,000 targets.
One of the arrested suspects was in possession of more than 800,000 potential victim domain credentials on his laptop.
Another suspect had been monitoring conversations between 16 companies and their clients and diverting funds to ‘SilverTerrier’ whenever company transactions were about to be made.
Another individual was suspected of taking part in BEC crime across a wide range of West African countries including Gambia, Ghana and Nigeria.
By alerting Nigeria to this serious cybercrime threat, INTERPOL enabled me to give the order to hunt down these globally active criminals nationwide, flushing them out no matter where they tried to hide in my country. The outstanding results of Operation Falcon II have served to disrupt this dangerous cyber gang and protect Nigerian citizens from further attack. I encourage fellow African countries to also work with INTERPOL in ridding our continent of cybercrime to make the cyber world a safer place.
Assistant Inspector General of Police, Head of NCB Abuja and INTERPOL Vice President for Africa
Following the global money trail
With BEC fraud having both a cyber and a financial element, Operation Falcon II saw financial ‘pathfinder countries’ belonging to INTERPOL’s Global Financial Crime Taskforce (IGFCTF) including Nigeria work together on cross-border financial investigations linked to the operation.
The IGFCTF is now coordinating further action against ‘SilverTerrier’ bank accounts and sharing intelligence on the domain credentials of potential victims with member countries to prevent further fraud.
Operation Falcon II sends a clear message that cybercrime will have serious repercussions for those involved in business email compromise fraud, particularly as we continue our onslaught against the threat actors, identifying and analyzing every cyber trace they leave. INTERPOL is closing ranks on gangs like ‘SilverTerrier’; as investigations continue to unfold, we are building a very clear picture of how such groups function and corrupt for financial gain. Thanks to Operation Falcon II we know where and whom to target next.
INTERPOL’s Director of Cybercrime
Led by INTERPOL’s Cybercrime Directorate in Singapore, Operation Falcon II was a cooperative effort involving IGFCTF, Nigerian law enforcement agencies, a range of INTERPOL expert teams and vital private partners Palo Alto Networks Unit 42 and Group-IB’s APAC Cyber Investigations Team.
Through INTERPOL’s Gateway initiative, Palo Alto Networks Unit 42 and Group-IB have contributed to investigations by sharing information on ‘SilverTerrier’ threat actors, and analyzing data to situate the group’s structure within the broader organized crime syndicate. They also provided key technical expertise consultancy to support the INTERPOL teams.
Gateway boosts law enforcement and private industry partnerships to generate threat data from multiple sources and enable police authorities to prevent and investigate attacks in a timely manner.
The operation was developed as part of efforts to support joint operations in Africa with funding by the Foreign, Commonwealth and Development Office (UK). INTERPOL extends its thanks for this support.
At a time of increased threat, members of the public, businesses and organizations are reminded to protect themselves from online scams by following the advice featured in INTERPOL’s #JustOneClick, #WashYourCyberHands, #OnlineCrimeIsRealCrime and #BECareful campaigns.