Huge Nigerian BEC Gang Busted!
Table of Contents
- By Dawna M. Roberts
- Published: Dec 01, 2020
- Last Updated: Mar 18, 2022
It’s not often that the good guys get to celebrate a win, but a huge one was recently earned by Interpol, who busted a large Nigerian BEC gang as reported by DataBreach Today and The Hacker News.
How it Happened
Interpol has been working with a cybersecurity firm Group-IB and local Nigerian law enforcement to take down a prolific group of cybersecurity criminals that targeted more than 500,000 government agencies and businesses in 150 countries using email scams.
The group, which originated in 2017 is nicknamed TMT, has been using various social engineering techniques, phishing, and BEC (business email compromise) scams to export millions from victims.
Group-IB said in a recent press release, “Group-IB, a global threat hunting, and intelligence company, supported an INTERPOL-led operation Falcon targeting business email compromise (BEC) cybercrime gang from Nigeria, dubbed TMT by Group-IB. A cross-border anti-cybercrime effort that involved INTERPOL’s Cybercrime Directorate, Nigerian Police Force, and Group-IB’s APAC Cyber Investigations Team has resulted in the arrest of three individuals in Lagos. Since at least 2017, the prolific gang compromised at least 500,000 government and private sector companies in more than 150 countries. The investigation continues as some of the gang members remain at large.”
They continued to describe the win with “Group-IB has been tracking the gang since 2019 and established that around 500,000 government and private sector companies could have been compromised by TMT gang members. Based on the infrastructure that the attackers use and their techniques, Group-IB was also able to establish that the gang is divided into subgroups with a number of individuals still at large. The findings on other suspected gang members, whom Group-IB was able to track down, have been shared with INTERPOL’s Cybercrime Directorate. The investigation continues.”
Officials arrested three of the gang members in Lagos, although others are still on the loose.
Some of the Technical Details
According to Group-IB, the gang used Gammadyne Mailer and Turbo-Mailer to distribute their phishing emails.
They go onto explain, “Group-IB researchers note that the cybercriminals behind these BEC operations rely exclusively on a variety of publicly available Spyware and Remote Access Trojans (RATs), such as AgentTesla, Loky, AzoRult, Pony, NetWire, etc. To avoid detection and tracking by traditional security tools, the gang uses public crypters. Most often, malware operated by TMT communicates with the attackers’ C&C server using SMTP, FTP, HTTP protocols.”
Using these tools, the hackers hoped to grab authentication from email, FTP, and browsers. The investigations showed infected companies in the U.S. Japan, Singapore, and even their home, Nigeria. Some of the stolen information is expected to be found on the dark web for sale.
Craig Jones, the Director of Cybercrime at Interpol, said, “This group was running a well-established criminal business model. From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits. We look forward to seeing additional results from this operation.”
Vesta Matveeva, head of Group-IB’s APAC Cyber Investigations Team, was quoted as saying, “This cross-border operation once again demonstrated that only effective collaboration between private sector cybersecurity companies and international law enforcement can bring evildoers to justice. It allows to overcome regulatory differences across countries that impede threat intelligence data exchange. While further investigation is underway, we are proud by what we’ve been able to achieve thanks to coordinated efforts by INTERPOL with the support of Nigerian cyber police.”
What is a BEC Scam and How to Avoid It?
BEC scams are business email compromise scams where hackers and thieves send phishing emails to employees at a company. They hope that the employee will click a link which then infects their computer with malware so the threat actor can take control and steal additional credentials to access secure information. A component to these scams is social engineering, where the subject of the email is designed to stir emotion in the recipient (either panic, excitement, or curiosity) to get them to click. Some of the topics from this particular gang include product inquiries, purchase orders, and COVID-19 related emails. Often, the hackers will style the email to appear to come from a legitimate source (such as the CDC) using fonts, colors, logos, etc. However, even when spoofed, the email address headers will show where it really came from.
The FBI has received more than 467,000 complaints of cybercrime during 2019. The previous year the total was only 24,000. The pandemic has spurred on a flurry of internet-related crime that government and private security agencies are struggling to contain.
- To avoid BEC scams, never trust that an email is from a legitimate source without verifying the details elsewhere.
- Never click a link in an email. Go to a fresh browser instead.
- Only install approved software from trusted sources.
- Update all computes with the latest security patches.
- Keep strong anti-virus/anti-malware on all machines.