SilverTerrier

SilverTerrier is a code name for a syndicate of BEC cyber criminals. Identified by the Interpol's Global Financial Crime Taskforce to be from Nigeria, they are a syndicate of over 400 unique actors or groups accused of targeting thousands of organizations worldwide through business email compromise (BEC) scams.^[1]^[2]

Starting as far back as 2014 as novices, the cyber crime gang has used tens of thousands of financial scams dating back using several malware tools.^[3]

Background[edit]

In 2014, security researchers at Palo Alto Networks' Unit42 threat-intelligence coined the name SilverTerrier to describe novice Nigerian malware groups using business email compromise attacks to exploit organizations across several sectors and countries.^[4] By 2019, 81,300 malware samples by Nigeria's BEC groups were attributed to over 2,100,00 attacks.^[5] In 2019, the group was linked to over 400 threat actors, compared to 300 in 2018.^[6] They were observed to have gone from launching 28,000 BEC attacks per month in 2018^[7] to 245,637 in 2019 towards organizations across many sectors.^[8]

They've been responsible for attacks on 50,000 different individuals and companies since inception.^[1]

They have been linked to several COVID-19 themed attacks consisting of fake orders for personal protective equipment, shipping delay notices for COVID-19-related items, fake vaccine-related news which come attached with malware.^[9]

Law Enforcement Activity[edit]

Due to the high profile of SilverTerrier, they garnered the attention of a wide range of Law Enforcement agencies. This eventually led to arrests of 11 individuals being made between December 13, 2021, and December 22, 2021, during an operation by the Nigerian Police Force and INTERPOL.^[10]

The arrests were a combined effort by Interpol's Cybercrime Directorate in Singapore, Nigerian law enforcement agencies, Group-IB and Palo Alto Networks.^[11]

The suspects were based in Lagos and Asaba, and were regarded as being part of the technical backbone of the operations, rather than low-level money mules.^[10]

According to a statement by the Assistant General of Police, Garba Baba Umar who doubles as the INTERPOL's vice president for Africa, "One of the arrested suspects was in possession of more than 800,000 user names and passwords. Another suspect had been monitoring conversations between 16 companies and their clients and diverting funds to ‘SilverTerrier’ whenever company transactions were about to be made".^[12]^[2]

In May 2022, Interpol announced the arrest 37-year-old Nigerian man in an international operation spanning four continents. The individual was regarded as the leader of the cybercrime syndicate. The police operation, codenamed Delilah, was initiated by an intelligence referral from several INTERPOL partners from the private sector: Group-IB, Palo Alto Networks Unit 42 and Trend Micro.^[13]

References[edit]

^ ^a ^b Brewster, Thomas. "800,000 Passwords, 50,000 Targets: A Huge Nigerian Fraud Operation Busted". Forbes. Retrieved 2022-01-21.
^ ^a ^b "Nigerian cybercrime fraud: 11 suspects arrested, syndicate busted". www.interpol.int. Retrieved 2022-01-21.
^ "MVISION Insights: SilverTerrier Covid-19 BEC Scheme". kc.mcafee.com. Retrieved 2022-01-21.
^ "Nigerian BEC Scammers Shifting to RATs As Tool of Choice". BleepingComputer. Retrieved 2022-01-21.
^ "Nigerian cybercriminals join big league". Information Age. Retrieved 2022-01-21.
^ "Nigerian BEC Scammers Growing Smarter, More Dangerous". threatpost.com. Retrieved 2022-01-21.
^ Ferguson, Scott (May 13, 2019). "Nigerian BEC Scammers Use Malware to Up the Ante". www.bankinfosecurity.com. Retrieved 2022-01-21.
^ "Nigerian Authorities Arrest 11 Members of Prolific BEC Fraud Group". www.securityweek.com. Retrieved 2022-01-21.
^ Vigliarolo, Brandon (May 7, 2020). "Businesses: Beware of COVID-19 email compromise scams". TechRepublic. Retrieved 2022-01-21.
^ ^a ^b "Interpol nabs 11 Nigerian cyber scam kingpins, one with 800K web credentials - P.M. News". Retrieved 2022-01-21.
^ "Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang". The Hacker News. Retrieved 2022-01-21.
^ Uchechukwu, Oghenekevwe (2022-01-19). "NPF, Interpol bust cybercrime syndicate targeting over 50,000 victims". International Centre for Investigative Reporting. Retrieved 2022-01-21.
^ "Suspected head of cybercrime gang arrested in Nigeria". interpol.int. Retrieved 2022-08-25.

[:1-1] Brewster, Thomas. "800,000 Passwords, 50,000 Targets: A Huge Nigerian Fraud Operation Busted". Forbes. Retrieved 2022-01-21.

[interpol.int-2] "Nigerian cybercrime fraud: 11 suspects arrested, syndicate busted". www.interpol.int. Retrieved 2022-01-21.

[3] "MVISION Insights: SilverTerrier Covid-19 BEC Scheme". kc.mcafee.com. Retrieved 2022-01-21.

[4] "Nigerian BEC Scammers Shifting to RATs As Tool of Choice". BleepingComputer. Retrieved 2022-01-21.

[5] "Nigerian cybercriminals join big league". Information Age. Retrieved 2022-01-21.

[6] "Nigerian BEC Scammers Growing Smarter, More Dangerous". threatpost.com. Retrieved 2022-01-21.

[7] Ferguson, Scott (May 13, 2019). "Nigerian BEC Scammers Use Malware to Up the Ante". www.bankinfosecurity.com. Retrieved 2022-01-21.

[8] "Nigerian Authorities Arrest 11 Members of Prolific BEC Fraud Group". www.securityweek.com. Retrieved 2022-01-21.

[9] Vigliarolo, Brandon (May 7, 2020). "Businesses: Beware of COVID-19 email compromise scams". TechRepublic. Retrieved 2022-01-21.

[:0-10] "Interpol nabs 11 Nigerian cyber scam kingpins, one with 800K web credentials - P.M. News". Retrieved 2022-01-21.

[11] "Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang". The Hacker News. Retrieved 2022-01-21.

[12] Uchechukwu, Oghenekevwe (2022-01-19). "NPF, Interpol bust cybercrime syndicate targeting over 50,000 victims". International Centre for Investigative Reporting. Retrieved 2022-01-21.

[13] "Suspected head of cybercrime gang arrested in Nigeria". interpol.int. Retrieved 2022-08-25.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]