Operation Falcon II: Group-IB assists INTERPOL, Nigerian Police Force in action to apprehend 11 cybercriminals

Group-IB, one of the global cybersecurity leaders, whose mission lies in fighting against cybercrime, has supported the INTERPOL-led cooperative effort involving INTERPOL Global Financial Crime Task Force, Nigerian law enforcement agencies, a range of INTERPOL expert teams and its private partners. As a result of 10-day operation Falcon II, 11 alleged members of a prolific cybercrime network known for Business Email Compromise (BEC) were arrested. Many of the suspects are thought to belong to the BEC gang, dubbed TMT by Group-IB (aka SilverTerrier) and tracked since 2019.

The current operation is the second edition of Operation Falcon, a joint action by INTERPOL, Group-IB and Nigeria Police Force, held in November 2020, which resulted in the apprehension of three alleged members of the TMT gang that is thought to have compromised 500,000 government and private sector companies by that time. The investigation then continued, as some of the cybercriminals identified by Group-IB still remained at large.

Group-IB’s APAC Cyber Investigations Team has contributed to the current operation by sharing information on the threat actors, having identified the attackers’ infrastructure, collected their digital traces and assembled data on their identities. Group-IB has also expanded the investigation’s evidence base by reverse engineering the samples of malware used by the cybercriminals and conducting the digital forensics analysis of the files contained on the devices seized from the suspects.

Five years ago, we embarked on our cooperation with INTERPOL with a data-sharing agreement signing, which since then has yielded numerous successful operations. INTERPOL has been our reliable partner, whose efforts helped put behind bars a good many of the threat actors that attempted to target our customers and other organizations. We will continue to boost this cross border and cross sector data sharing for the sake of a safer cyberspace.

Dmitry Volkov
Dmitry Volkov

Group-IB CEO Group-IB

INTERPOL’s press release

The Nigerian Police Force (NPF) has arrested 11 alleged members of a prolific cybercrime network as part of a national police operation coordinated with INTERPOL.

Pic. 1 Photograph courtesy of INTEPROL

Arrested by officers of the NPF Cybercrime Police Unit and INTERPOL’s National Central Bureau (NCB) in Nigeria, many of the suspects are thought to be members of ‘SilverTerrier’, a network known for Business Email Compromise (BEC) scams which have harmed thousands of companies globally.

Intelligence-led operation

The ten-day Operation Falcon II (13-22 December) saw 10 NFP officers deployed from the Abuja headquarters to Lagos and Asaba to arrest target suspects identified ahead of time with intelligence provided by INTERPOL.

Field operations were preceded by an intelligence exchange and analysis phase, where Nigeria used INTERPOL’s secure global police communications network, I-24/7, to work with police forces across the world also investigating BEC scams linked to Nigeria.

The INTERPOL General Secretariat supported field operations 24/7, forensically extracting and analyzing data contained in the laptops and mobile phones seized by NPF during the arrests.

This preliminary analysis indicates that the suspects’ collective involvement in BEC criminal schemes may be associated with more than 50,000 targets.

One of the arrested suspects was in possession of more than 800,000 potential victim domain credentials on his laptop.

Another suspect had been monitoring conversations between 16 companies and their clients and diverting funds to ‘SilverTerrier’ whenever company transactions were about to be made.

Another individual was suspected of taking part in BEC crime across a wide range of West African countries including Gambia, Ghana and Nigeria.


By alerting Nigeria to this serious cybercrime threat, INTERPOL enabled me to give the order to hunt down these globally active criminals nationwide, flushing them out no matter where they tried to hide in my country. The outstanding results of Operation Falcon II have served to disrupt this dangerous cyber gang and protect Nigerian citizens from further attack. I encourage fellow African countries to also work with INTERPOL in ridding our continent of cybercrime to make the cyber world a safer place.

Garba Baba Umar

Assistant Inspector General of Police , Head of NCB Abuja and INTERPOL Vice President for Africa

Following the global money trail

With BEC fraud having both a cyber and a financial element, Operation Falcon II saw financial ‘pathfinder countries’ belonging to INTERPOL’s Global Financial Crime Taskforce (IGFCTF) including Nigeria work together on cross-border financial investigations linked to the operation.

The IGFCTF is now coordinating further action against ‘SilverTerrier’ bank accounts and sharing intelligence on the domain credentials of potential victims with member countries to prevent further fraud.

Operation Falcon II sends a clear message that cybercrime will have serious repercussions for those involved in business email compromise fraud, particularly as we continue our onslaught against the threat actors, identifying and analyzing every cyber trace they leave. INTERPOL is closing ranks on gangs like ‘SilverTerrier’; as investigations continue to unfold, we are building a very clear picture of how such groups function and corrupt for financial gain. Thanks to Operation Falcon II we know where and whom to target next.

Craig Jones

INTERPOL’s Director of Cybercrime

Critical partnerships

Led by INTERPOL’s Cybercrime Directorate in Singapore, Operation Falcon II was a cooperative effort involving IGFCTF, Nigerian law enforcement agencies, a range of INTERPOL expert teams and vital private partners Palo Alto Networks Unit 42 and Group-IB’s APAC Cyber Investigations Team.

Through INTERPOL’s Gateway initiative, Palo Alto Networks Unit 42 and Group-IB have contributed to investigations by sharing information on ‘SilverTerrier’ threat actors, and analyzing data to situate the group’s structure within the broader organized crime syndicate. They also provided key technical expertise consultancy to support the INTERPOL teams.

Gateway boosts law enforcement and private industry partnerships to generate threat data from multiple sources and enable police authorities to prevent and investigate attacks in a timely manner.

The operation was developed as part of efforts to support joint operations in Africa with funding by the Foreign, Commonwealth and Development Office (UK). INTERPOL extends its thanks for this support.

At a time of increased threat, members of the public, businesses and organizations are reminded to protect themselves from online scams by following the advice featured in INTERPOL’s #JustOneClick, #WashYourCyberHands, #OnlineCrimeIsRealCrime and #BECareful campaigns.

About Group-IB

Group-IB, with its headquarters in Singapore, is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property. The company’s Threat Intelligence and Research Centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), and Europe (Amsterdam).

Group-IB’s Unified Risk Platform is an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against them in real-time from a single interface. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB’s products and services consolidated in Group-IB’s Unified Risk Platform include Group-IB’s Threat IntelligenceManaged XDRDigital Risk ProtectionFraud ProtectionAttack Surface ManagementBusiness Email ProtectionAudit & ConsultingEducation & TrainingDigital Forensics & Incident ResponseManaged Detection & Response, and Cyber Investigations.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 19 years of hands-on experience in cybercrime investigations worldwide and more than 70,000 hours of cybersecurity incident response accumulated in our leading DFIR Laboratory, High-Tech Crime Investigations Department, and round-the-clock CERT-GIB.

Group-IB is an active partner in global investigations led by international law enforcement organizations such as Europol and INTERPOL. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to protect its clients in cyberspace every day by creating and leveraging innovative solutions and services.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.