In the space of 24 hours, Europol and Interpol have announced a salvo of major cybercrime actions. First came the arrests of three individuals in Nigeria over their alleged breaches of as many as 50,000 companies and government entities, followed by the completion of a three-month operation that police believe has prevented $48 million ending up in the hands of credit card thieves.
Interpol said Wednesday that a joint operation with Nigerian police and cybercrime company Group-IB that three individuals were apprehended in Lagos, and alleged to have targeted hundreds of thousands of organizations with phishing emails. In many they impersonated employees at the companies. They were believed to be part of a cybercrime group dubbed TMT, which infected the networks of companies across 150 countries, the U.S. and the U.K. included. Group-IB, which has tracked TMT in the last three years, claimed as many as 500,000 organizations had been targeted since 2017.
In at least one phishing email, they claimed to be offering information on Covid-19 vaccines, but the attachment was laced with malware. Their overall aim was to grab login data for email accounts and storage folders, though police said they were still investigating how they made money. Interpol suggested they siphoned off funds from victim computers. Group-IB also noted it was common for such hacker crews to sell access to compromised companies.
The arrests came after a year-long investigation dubbed Operation Falcon. “This group was running a well-established criminal business model. From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits,” said Craig Jones, Interpol cybercrime director.
Meanwhile, in an operation led by police in Italy and Hungary with support from the U.K. and Europol, 90,000 pieces of recently-stolen credit card data were collected by Group-IB. The data came from so-called carding websites where banking information is traded and botnets (groups of hacked PCs, through which pilfered data is passed). Europol then coordinated with law enforcement, who contacted banks so they could prevent any fraudulent transactions taking place, according to an announcement Wednesday morning.
MORE FOR YOU
According to the Group-IB Hi-Tech Crime Trends report covering 2020, the trade of stolen credit card data is now worth $1.9 billion a year.