3 Arrests Shed Light on Major BEC Phishing Ring
A joint INTERPOL, Group-IB, and Nigeria Police Force investigation has resulted in the arrest of three Nigerian nationals, believed to be responsible for a massive business email compromise (BEC) ring. The three men are believed to be responsible for distributing malware, carrying out phishing campaigns and extensive scams worldwide.
In a BEC attack, a threat actor impersonates a company executive or other trusted party and tries to trick an employee who is responsible for payments or other financial transactions into wiring money to a bogus account. These types of scams often require the attackers to conduct a fair amount of recon work, studying executive styles and discovering the organization’s vendors, billing system practices and other information to help perform a convincing phishing attack.
According to INTERPOL, the suspects are alleged to have developed phishing links and domains, then carried out mass-emailing campaigns in which they impersonated employees at various organizations. Upon successful social-engineering efforts, they then spread 26 distinct malware variants to victims, including spyware and remote access trojans. The samples included AgentTesla, Loki, Azorult, Spartan and the NanoCore and Remcos RATs. It’s believed that roughly 50,000 targeted victims have been identified so far, spanning government and private-sector companies in more than 150 countries since 2017.