Three Nigerians have been detained for financial crimes aided by malware
Interpol has confirmed the arrest of three Nigerian men in Lagos who are suspected of rerouting financial transactions and stealing account passwords using remote access trojans (RATs).
Interpol, with the assistance of law enforcement agencies from 11 Southeast Asian countries, spearheaded the worldwide operation code-named “Killer Bee.”
According to a study released today, the gang’s targets throughout the Middle East, North Africa, and Southeast Asia included large corporations and oil and gas companies.
Interpol did not say, however, how much money the group was able to steal from the victims.
Hendrix Omorume, one of the three men arrested, faces a one-year prison sentence for possessing fraudulent documents, obtaining money under false pretences, and impersonation.
The other two men, who are still on trial, are charged only with possessing false documents that were most likely used in business email compromise (BEC) attacks.
The release states, “The three individuals, aged 31 to 38, were each caught in possession of bogus documents, including counterfeit invoices and forged official letters.”
Interpol said last week that the alleged leader of the SilverTerrier BEC group had been apprehended in a separate operation code-named “Delilah.”
Using Agent Tesla
According to Interpol, the arrested suspects’ PCs and cellphones were thoroughly examined, and investigators discovered evidence of Agent Tesla deployment.
Agent Tesla is a formidable information-stealer and keylogger that can steal passwords stored in web browsers, email clients, FTP, and other software. It has been around for several years.
It usually infects victims through a phishing email with a malicious attachment, most recently PowerPoint documents.
In this case, Omorume is thought to have used Agent Tesla to acquire account credentials at target firms, access email correspondence, and conduct surveillance.
This groundwork is necessary for a successful BEC attack, since it tells the malicious actors when to strike and what details to present to the target to persuade them.
Agent Tesla is widely used at present: a recent ASEC malware detection report ranks it first, ahead of Formbook, RedLine, Lokibot, Wakbot, and AveMaria.