alleged SilverTerrier leader
operation-delilah-photo-unit-42

Alleged leader of Nigerian email fraud group has been captured, Interpol says

Interpol said Wednesday that it struck a major blow against a cybercrime group known for business email compromise (BEC) scams aimed at stealing money from companies around the world.

The international law enforcement agency announced that the cybercrime unit of Nigeria's national police arrested a 37-year-old Nigerian man suspected to be the leader of a BEC group known as SilverTerrier to cybersecurity researchers.

The unidentified suspect "is alleged to have run a transnational cybercrime syndicate that launched mass phishing campaigns and business email compromise schemes targeting companies and individual victims," Interpol said.

Palo Alto Networks' Unit 42, one of the cybersecurity companies that assisted in the investigation, posted a photo of the suspect but did not identify him. Three other companies — Trend Micro, Group-IB and CyberTOOLBELT — also collaborated with law enforcement, authorities said.

The operation is the latest in a series of counter-BEC actions that most recently included the apprehension of 11 suspected members of the SilverTerrier gang in January. That sting was called Operation Falcon II. The latest is labeled Operation Delilah.

"Specifically, in this case, the SilverTerrier actor fled Nigeria in 2021 when authorities initially attempted to apprehend him," Unit 42 said. "Months later, in March 2022, he attempted to return home and was quickly identified and detained as he attempted to re-enter Nigeria."

U.S., Australian and Canadian agencies assisted Nigerian authorities and Interpol in the investigation, Interpol said.

“This case underlines both the global nature of cybercrime and the commitment required to deliver a successful arrest through a global to regional operational approach in combatting cybercrime,” said Bernardo Pillot, assistant director of cybercrime operations at Interpol.

The suspected leader's activity traces back to 2015, Unit 42 said, and he has social media links to at least three other SilverTerrier suspects arrested in 2021. Group-IB, which has been tracking the SilverTerrier under the name TMT since 2019, said it believed the group compromised more than 500,000 companies in more than 150 countries by 2020.

BEC scams typically happen when attackers take over email accounts at a company and then use them to coax fraudulent financial transactions out of unwitting employees. The FBI's Internet Crime Complaint Center said such scams were worth at least $2.3 billion in 2021.

In Verizon's annual Data Breach Investigation Report, published Tuesday, the authors said BEC scams are a prime example of how social engineering is a sharp tool for crooks.

"BECs come in many forms: your organization may be targeted due to a breach in a partner, your partners may be targeted due to a breach of your emails, you may be breached and then targeted using your own breach, or ... there may be no breach at all, just an attacker with a convincing story about why they need your money," the DBIR said.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Joe Warminsky

Joe Warminsky

is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. He previously he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.