Three suspects have been arrested in Lagos, Nigeria following a joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation.
The Nigerian nationals are believed to be members of a wider organized crime group responsible for distributing malware, carrying out phishing campaigns and extensive Business Email Compromise scams.
The suspects are alleged to have developed phishing links, domains, and mass mailing campaigns in which they impersonated representatives of organizations.
They then used these campaigns to disseminate 26 malware programmes, spyware and remote access tools, including AgentTesla, Loki, Azorult, Spartan and the nanocore and Remcos Remote Access Trojans.
These programmes were used to infiltrate and monitor the systems of victim organizations and individuals, before launching scams and syphoning funds.
According to Group-IB, the prolific gang is believed to have compromised government and private sector companies in more than 150 countries since 2017.
Group-IB was also able to establish that the gang is divided into subgroups with a number of individuals still at large.
While investigations are still ongoing, some 50,000 targeted victims have been identified so far.
Craig Jones, INTERPOL’s Cybercrime Director highlighted the outstanding cooperation between all those involved in the investigation and underlined the importance of public-private relationships in disrupting virtual crimes.
“This group was running a well-established criminal business model.
From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits.
We look forward to seeing additional results from this operation,” he said.