Interpol arrested three Nigerians for malware use and financial crimes

Interpol announced the arrest of three criminals for their global scam operations

Cybercriminals arrested by Interpol for the financial fraud operations using AGent Tesla RAT

Scammers were arrested in Nigeria for using RAT malware to perform the malware-enabled cyber fraud. These threat actors used the malware to reroute financial transactions, so confidential online connection details from corporate organizations could be stolen.^[1] Targets were oils and gas companies in South East Asia, the Middle East, and North Africa.^[2]

The Economic and Financial Crimes Commission (EFCC) arrested the suspects in a sting operation conducted simultaneously in the Lagos suburb of Ajegunle and in Benin City, 300 km to the East of the commercial capital.

Hendrix Omorume – one of the criminals, has been charged and convicted of three counts of financial fraud. He was already sentenced to a year in prison. The other two scammers are still awaiting their trial. Criminals are between the ages of 31 and 38. The group has been arrested for having fake documents like fraudulent invoices and forged official letters used in the business email compromise attacks.^[3]

The operation Killer Bee helped by Interpol was helped with the help of other law enforcement agencies in 11 Southeast Asian countries. Interpol has not disclosed how much losses these targeted companies suffered and how much money threat actors managed to get from the affected organizations.

Criminals used the Agent Tesla RAT

Law enforcement agencies reported that these scammers used Agent Tesla to breach targeted business computers and divert those financial transactions to their own bank accounts. The .NET-based advanced malware first was discovered back in 2014.^[4] The infection is delivered via phishing emails that carry malicious file attachments and is operating to log keystrokes, capture screenshots, steal credentials, and exfiltrate other sensitive and valuable information.

Interpol seized laptops and mobile phones belonging to the arrested criminals. The complete analysis of these devices revealed the signs of the Agent Tesla deployment. This RAT threat is the powerful information-stealer malware that can steal credentials stored in web browsers, email clients, and other programs.

It is reported that Omorume used this RAT malware to steal particular account credentials in the target company and access email communications. This way, scammers could perform surveillance – the groundwork for later business email compromise. Malicious actors could know when to attack and what details should be listed on the email to convince victims to open malicious attachments.

Successful Interpol campaigns collecting cybercriminals arrests

Interpol previously arrested six criminals responsible for the Clop ransomware operations and held Operation Cyclone for 30 months for that. recently, Interpol announced the operation code-named Delilah that ended with the arrest of the possible SilverTerrier BEC gang leader.^[5]

This was a year-long investigation that involved other cybersecurity agencies and the Nigeria Police Force. The operation was conducted across four continents and is the third attempt to identify and arrested suspected members of the SilverTerrier group.

This latest arrest brings the number of individuals, who have been arrested for their involvement in BEC scams in Nigeria to 15. These recent years were active for the cybersecurity expert and law enforcement because this type of cybercrime is one of the more common ways for scammers to make a profit.

Nigerian police arrested 11 individuals back in January due to the investigation held by Interpol. These criminals attempted to defraud 50,000 organizations worldwide using these BEC scam methods. Six of them were linked with the same SilverTerrier group.