Operation Falcon: BEC Phishing Threat Actors Detained!

December 3, 2020
operation falcon BEC phishing threat actors antiphishing spear-phishing fraud prevention Nigeria

Three Nigerian nationals that are ostensibly pointed out as the Threat actors behind a malware distribution for phishing and other scams worldwide lead the joint force of INTERPOL, Nigeria Police Force cybercrime investigation, and Group-IB for their Operation Falcon in Lagos, Nigeria.

There were reportedly 50,000 victims that were identified in an enormous Global Scam that comprises 26 different malware.

These Threat actors are believed to have developed several phishing links, domains, and spear-phishing email campaigns where they pretend to be one of the Company Executives and deceits an employee that handles financial transactions into transferring money into a forged account.

These Cybercriminals use Gammadyne Mailer and Turbo-Mailer to disperse their Phishing emails to their target victims. They then use MailChimp software to track if the phishing email has been opened by the victim.

Once successful in executing Social Engineering tactics, they will then proliferate 26 different malware variants that include, spyware and Remote Access Trojans (RATs). Some of these are AgentTesla, Azorult, Spartan, Loki, and Remcos RATs. These are used to penetrate and surveil the system of the target Organization.

To dodge detection and being tracked by the security software, they use public crypters.


The Operation Falcon BEC Phishing Threat Actors image 1


According to their investigation, the sample phishing emails that they acquired were crafted in different languages such as English, Spanish, Russian, and other languages that differ depending on their target Organization.


As per INTERPOL, the Group-IB has identified that these Threat Actors were believed to compromised at least 500,000 Private Sector Companies and Governments in more than 150 countries that dated back to the year 2017.


In conclusion, these Cybercriminals are well-established criminals, and they use different tools and techniques to infiltrate their target Organization and produce a high profit.

Observation shows a rise in cases where wire transfer losses caused by these Business Email Compromise (BEC) attacks the resent quarters of 2020. The average was $80,183 from $54,000 in the first quarter.

These Cybercriminals were divided into a subgroup, and some of them are still at large. The Operation Falcon devised by INTERPOL, Nigeria Police Force cybercrime investigation and Group-IB investigation continues as they are always on the hunt to capture these Cybercriminals.


About the author

Leave a Reply