Three Nigerian men have been arrested on suspicion of using malware as part of business email compromise (BEC) attacks on global companies.
Interpol revealed that Nigeria’s Economic and Financial Crimes Commission (EFCC) arrested the men in the Lagos suburb of Ajegunle and in Benin City, 300kms from the commercial capital.
It was coordinated as part of Interpol’s “Killer Bee” operation involving law enforcement agencies in 11 countries across southeast Asia. It’s funded by the Japan-ASEAN Integration Fund (JAIF) 2.0 and supported by the Singapore Government. Additional threat intelligence work came from long-time private sector partner Trend Micro.
The policing organization claimed the men used a Remote Access Trojan (RAT) known as Agent Tesla to compromise organizations including oil and gas companies in Southeast Asia, the Middle East and North Africa.
The tool is typically used to access corporate computers with a view to monitoring communications with suppliers and other internal business processes. The scammers can then step in to request money transfers, sometimes masquerading as a supplier or senior executive.
It’s unclear exactly how the suspects operated, but the end result was to divert funds to accounts under their control, Interpol claimed.
One of the men, Hendrix Omorume, has already been charged and convicted of three counts of serious financial fraud and now faces a 12-month prison sentence. The other two are still on trial.
The three, aged between 31 and 38, were arrested in possession of fake documents, including fraudulent invoices and forged official letters, Interpol said.
Nigeria is increasingly a hotbed of cybercrime and fraud. Just last week, a 37-year-old man was arrested on suspicion of masterminding various phishing and BEC schemes.
BEC accounted for around $2.4bn in losses last year – amounting to over a third of total cybercrime losses reported to the FBI.