Operation Falcon II: Group-IB assists INTERPOL, Nigerian Police Force in action to apprehend 11 cybercriminals

Group-IB, one of the global cybersecurity leaders, whose mission lies in fighting against cybercrime, has supported the INTERPOL-led cooperative effort involving the INTERPOL Global Financial Crime Task Force, Nigerian law enforcement agencies, a range of INTERPOL expert teams and its private partners. As a result of the 10-day Operation Falcon II, 11 alleged members of a prolific cybercrime network known for Business Email Compromise (BEC) were arrested. Many of the suspects are thought to belong to the BEC gang dubbed TMT by Group-IB (aka SilverTerrier) and tracked since 2019.

The current operation is the second edition of Operation Falcon, a joint action by INTERPOL, Group-IB and the Nigeria Police Force, held in November 2020, which resulted in the apprehension of three alleged members of the TMT gang that is thought to have compromised 500,000 government and private sector companies by that time. The investigation then continued, as some of the cybercriminals identified by Group-IB still remained at large.

Group-IB’s APAC Cyber Investigations Team has contributed to the current operation by sharing information on the threat actors, having identified the attackers’ infrastructure, collected their digital traces and assembled data on their identities. Group-IB has also expanded the investigation’s evidence base by reverse engineering the samples of malware used by the cybercriminals and conducting the digital forensics analysis of the files contained on the devices seized from the suspects.

Five years ago, we embarked on our cooperation with INTERPOL with a data-sharing agreement signing, which since then has yielded numerous successful operations. INTERPOL has been our reliable partner, whose efforts helped put behind bars a good many of the threat actors that attempted to target our customers and other organizations. We will continue to boost this cross-border and cross-sector data sharing for the sake of a safer cyberspace.

Dmitry Volkov

Group-IB CEO


INTERPOL’s press release

The Nigerian Police Force (NPF) has arrested 11 alleged members of a prolific cybercrime network as part of a national police operation coordinated with INTERPOL.

Pic. 1 Photograph courtesy of INTERPOL

Arrested by officers of the NPF Cybercrime Police Unit and INTERPOL’s National Central Bureau (NCB) in Nigeria, many of the suspects are thought to be members of ‘SilverTerrier’, a network known for Business Email Compromise (BEC) scams which have harmed thousands of companies globally.

Intelligence-led operation

The ten-day Operation Falcon II (13-22 December) saw 10 NPF officers deployed from the Abuja headquarters to Lagos and Asaba to arrest target suspects identified ahead of time with intelligence provided by INTERPOL.

Field operations were preceded by an intelligence exchange and analysis phase, where Nigeria used INTERPOL’s secure global police communications network, I-24/7, to work with police forces across the world also investigating BEC scams linked to Nigeria.

The INTERPOL General Secretariat supported field operations 24/7, forensically extracting and analyzing data contained in the laptops and mobile phones seized by NPF during the arrests.

This preliminary analysis indicates that the suspects’ collective involvement in BEC criminal schemes may be associated with more than 50,000 targets.

One of the arrested suspects was in possession of more than 800,000 potential victim domain credentials on his laptop.

Another suspect had been monitoring conversations between 16 companies and their clients and diverting funds to ‘SilverTerrier’ whenever company transactions were about to be made.

Another individual was suspected of taking part in BEC crime across a wide range of West African countries including Gambia, Ghana and Nigeria.

By alerting Nigeria to this serious cybercrime threat, INTERPOL enabled me to give the order to hunt down these globally active criminals nationwide, flushing them out no matter where they tried to hide in my country. The outstanding results of Operation Falcon II have served to disrupt this dangerous cyber gang and protect Nigerian citizens from further attack. I encourage fellow African countries to also work with INTERPOL in ridding our continent of cybercrime to make the cyber world a safer place.

Garba Baba Umar

Assistant Inspector General of Police, Head of NCB Abuja and INTERPOL Vice President for Africa

Following the global money trail

With BEC fraud having both a cyber and a financial element, Operation Falcon II saw financial ‘pathfinder countries’ belonging to INTERPOL’s Global Financial Crime Taskforce (IGFCTF) including Nigeria work together on cross-border financial investigations linked to the operation.

The IGFCTF is now coordinating further action against ‘SilverTerrier’ bank accounts and sharing intelligence on the domain credentials of potential victims with member countries to prevent further fraud.

Operation Falcon II sends a clear message that cybercrime will have serious repercussions for those involved in business email compromise fraud, particularly as we continue our onslaught against the threat actors, identifying and analyzing every cyber trace they leave. INTERPOL is closing ranks on gangs like ‘SilverTerrier’; as investigations continue to unfold, we are building a very clear picture of how such groups function and corrupt for financial gain. Thanks to Operation Falcon II we know where and whom to target next.

Craig Jones

INTERPOL’s Director of Cybercrime

Critical partnerships

Led by INTERPOL’s Cybercrime Directorate in Singapore, Operation Falcon II was a cooperative effort involving IGFCTF, Nigerian law enforcement agencies, a range of INTERPOL expert teams and vital private partners Palo Alto Networks Unit 42 and Group-IB’s APAC Cyber Investigations Team.

Through INTERPOL’s Gateway initiative, Palo Alto Networks Unit 42 and Group-IB have contributed to investigations by sharing information on ‘SilverTerrier’ threat actors, and analyzing data to situate the group’s structure within the broader organized crime syndicate. They also provided key technical expertise consultancy to support the INTERPOL teams.

Gateway boosts law enforcement and private industry partnerships to generate threat data from multiple sources and enable police authorities to prevent and investigate attacks in a timely manner.

The operation was developed as part of efforts to support joint operations in Africa with funding by the Foreign, Commonwealth and Development Office (UK). INTERPOL extends its thanks for this support.

At a time of increased threat, members of the public, businesses and organizations are reminded to protect themselves from online scams by following the advice featured in INTERPOL’s #JustOneClick, #WashYourCyberHands, #OnlineCrimeIsRealCrime and #BECareful campaigns.

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, the most complete Fraud Protection, AI-powered Digital Risk Protection, multi-layered protection with Managed Extended Detection and Response (XDR), all-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.