25 May 2022

Operation Delilah: Group-IB helps INTERPOL nab suspected leader of transnational phishing ring

Group-IB, one of the global leaders in cybersecurity, has assisted in the INTERPOL-coordinated investigation aimed at disrupting a transnational phishing syndicate, dubbed TMT by Group-IB (aka SilverTerrier). As part of operation Delilah spanning four continents, Group-IB provided threat intelligence that led to the identification of the alleged head of a cybercrime syndicate that launched mass phishing campaigns and business email compromise (BEC) schemes targeting thousands of companies and individual victims. The arrest of a 37-year-old Nigerian man by the Nigeria Police Force marked the culmination of the year-long international operation coordinated and facilitated by the INTERPOL’s cybercrime directorate and supported by Group-IB, Palo Alto Networks, and Trend Micro.

Who are TMT?

Delilah is the third in a series of law-enforcement actions aimed at identification and arrest of the suspected members of TMT (aka SilverTerrier), a prolific BEC and phishing syndicate. Delilah was preceded by INTERPOL-led Falcon I and Falcon II, carried out in 2020 and 2021 with the support of Group-IB’s Cyber Investigations Team. The two previous operations resulted in the arrest of 14 alleged members of the syndicate.

Group-IB has been tracking TMT since 2019. By 2020, TMT was through to have compromised more than 500,000 companies in more than 150 countries. According to INTERPOL, one of the suspects arrested during Falcon II in Nigeria was in possession of more than 800,000 potential victim domain credentials on his laptop.

Tracking the suspect’s movements, online and offline

In May 2021, the police operation, codenamed Delilah, was initiated by an intelligence referral from Group-IB, Palo Alto Networks — Unit 42, and Trend Micro. The intelligence was then enriched by analysts within INTERPOL’s Cyber Fusion Centre. INTERPOL’s African Joint Operation against Cybercrime (AFJOC) then referred the intelligence to Nigeria and followed up with multiple case coordination meetings supported by law enforcement in Australia, Canada and the United States.

Investigators began to map out and track the alleged malicious online activities of the suspect, thanks to ad hoc support from private sector firm CyberTOOLBELT, as well as tracking his physical movements as he travelled from one country to another. Nigerian law enforcement successfully apprehended the suspect at Murtala Muhammed International Airport in Lagos.

Photo of the suspect. Source: INTERPOL

The arrest of this alleged prominent cybercriminal in Nigeria is testament to the perseverance of our international coalition of law enforcement and INTERPOL’s private sector partners in combating cybercrime. I hope the results of Operation Delilah will stand as a reminder to cybercriminals across the world that law enforcement will continue to pursue them, and that this arrest will bring comfort to victims of the suspect’s alleged campaigns.

Garba Baba Umar

Assistant Inspector General of the Nigeria Police Force, Head of Nigeria’s INTERPOL National Central Bureau and Vice President for Africa on INTERPOL’s Executive Committee

This case underlines both the global nature of cybercrime and the commitment required to deliver a successful arrest though a global to regional operational approach in combatting cybercrime. The persistence of national law enforcement agencies, private sector partners and the INTERPOL teams all contributed to this result, analysing vast quantities of data, and providing technical and live operational support. Cybercrime is a threat that none of our 195 member countries face alone.

Bernardo Pillot

INTERPOL’s Assistant Director, Cybercrime Operations

The Delilah operation clearly demonstrates how effective cybersecurity can be when all parties are involved and motivated to protect people and companies. We are proud to have leveraged our expertise in order to support another great effort aimed at disrupting cybercrime. Prompt threat intelligence sharing, private-public partnership, and effective multi-party coordination by INTERPOL’s Cybercrime Directorate were crucial to the success of the operation. We’ll continue our work to minimize the impact of cybercrime in line with Group-IB’s mission of fighting cybercrime and protecting our customers all around the world.

Dmitry Volkov

Dmitry Volkov

Group-IB CEO Group-IB

Group-IB is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).

Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework (earlier known as TDS) intended for the proactive search and the protection against complex and previously unknown cyberthreats has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB. Group-IB is a partner of Europol.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.

Report an incident

Get 24/7 incident response assistance from our global team

APAC: +65 3159-3798
Europe: +31 20 226-90-90
EMA: +971 4 508 1605

Thank you for filling out the form! We will get back to you shortly.

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

Report an incident