Three suspects alleged to have targeted government and private sector companies in more than 150 countries have been arrested in Nigeria’s commercial capital, Lagos, after a joint INTERPOL, Group-IB and Nigeria Police cybercrime investigation.
The Nigerian nationals are believed to be members of a wider organized crime group responsible for distributing malware, carrying out phishing campaigns and extensive Business Email Compromise scams.
The year-long investigation, which was code-named Operation Falcon, has identified at least 50,000 victims so far.
According to a statement on Interpol’s website, the suspects are alleged to have developed phishing links, domains, and mass mailing campaigns, in which they impersonated representatives of organizations. They then used these campaigns to disseminate 26 malware programmes, spyware and remote access tools, including AgentTesla, Loki, Azorult, Spartan and the nanocore and Remcos Remote Access Trojans.
These programmes were used to infiltrate and monitor the systems of victim organizations and individuals, before launching scams and syphoning funds. According to Group-IB, the prolific gang is believed to have compromised government and private sector companies in more than 150 countries since 2017.
Craig Jones, INTERPOL’s Cybercrime Director, said: “This group was running a well-established criminal business model. From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits. We look forward to seeing additional results from this operation.”