Interpol Busts Massive Nigerian BEC Gang
TMT Group Targeted 500,000 Companies in More Than 150 Countries
Interpol, along with Nigerian law enforcement agencies and security firm Group-IB, has uncovered a massive Nigerian business email compromise gang that was active across more than 150 countries.
The group, dubbed TMT, has been active since 2017 and has targeted nearly 500,000 government and private organizations with BEC scams that used phishing and advanced social engineering techniques to extort payments from its victims, Group-IB says in a news release.
On Wednesday, the group and three suspected members were identified in a coordinated effort by Interpol and the Nigerian Police Force, Group-IB says.
ARRESTED: 3 suspects in custody as @INTERPOL_Cyber, @GroupIB_GIB and @PoliceNG disrupt prolific #cybercrime group behind malware, phishing campaigns and extensive Business Email Compromise scams. https://t.co/wN2PpWIJlG — INTERPOL (@INTERPOL_HQ) November 25, 2020
"Group-IB has been tracking the gang since 2019 and established that around 500,000 government and private sector companies could have been compromised by TMT gang members," the firm says. "Based on the infrastructure that the attackers use and their techniques, Group-IB was also able to establish that the gang is divided into subgroups with a number of individuals still at large. The findings on other suspected gang members, whom Group-IB was able to track down, have been shared with Interpol's Cybercrime Directorate. The investigation continues."
The BEC group primarily focused on mass email phishing campaigns that distributed spyware and remote access Trojans such as AgentTesla, Loky, AzoRult, Pony and NetWire under the guise of purchasing orders and product inquiries, Group-IB notes.
The attackers then used the automated email senders Gammadyne Mailer and Turbo-Mailer to send phishing emails in bulk. They tracked these emails using MailChimp to check whether the recipients had opened the message, the report notes.
Once the victims' emails were compromised, the attackers proceeded to steal authentication data from browsers, email and FTP clients. They also sold the compromised access and sensitive data to the highest bidder in underground markets, the report adds.
In addition to automated tools, the group also used compromised email accounts to push new rounds of phishing attempts, thus helping them scale their operations.
"This cross-border operation once again demonstrated that only effective collaboration between private sector cybersecurity companies and international law enforcement can bring evildoers to justice," Vesta Matveeva, head of the cyber investigations team at Group-IB APAC, notes. "It allows us to overcome regulatory differences across countries that otherwise impede threat intelligence data exchange. While further investigation is underway, we are proud of what we've been able to achieve thanks to coordinated efforts by Interpol with the support of Nigerian cyber police."
In a keynote presentation at Group-IB's CyberCrimeCon 2020 virtual conference, Craig Jones, director of cybercrime at Interpol, noted that BEC scammers are among the rising pool of threat actors that are retooling their attacks to take advantage of the pandemic.
"Nothing majorly changed in terms of what cybercriminals were doing: They were still doing their phishing campaigns; they were still doing ransomware; they were still doing network intrusions," Jones said (see: Botnet Operators Drop Banking Trojans for Ransomware).
A recent report by Abnormal Security and Help Net Security found a staggering 200% increase in BEC attacks between April and May of this year. According to the report, invoice and payment fraud BEC attacks increased more than 75% in the first three months of 2020.
BEC Scams: A Growing Threat
In the U.S., the FBI's Internet Crime Complaint Center received more than 467,000 reports of internet-related crimes in 2019, averaging about 1,300 complaints daily. The FBI received nearly 24,000 complaints about BEC scams last year, with a total loss of $1.7 billion and an average loss of about $72,000, according to a report issued in February (see: FBI: BEC Losses Totaled $1.7 Billion in 2019).
In recent months, however, federal law enforcement officials have advanced cases against alleged BEC scammers.
In July, a Nigerian national who has been extradited to the U.S. allegedly laundered millions of dollars stolen in business email compromise scams, according to the Justice Department. He flaunted his lavish lifestyle on social media, prosecutors say (see: Just How Lucrative Are BEC Scams?).
In June, Obinwanne Okeke pleaded guilty to charges stemming from an $11 million business email compromise scheme that targeted a U.K. affiliate of U.S. heavy equipment manufacturer Caterpillar (see: Nigerian Entrepreneur Pleads Guilty in $11 Million BEC Scam).