Over the past week, Interpol has announced two successful operations which resulted in the arrest of several individuals believed to be behind a string of cyberattacks as well as operations to disrupt criminal operations. Both operations resulted in the arrest of Nigerian citizens believed to be behind malware-assisted financial attacks and Business Email Compromise (BEC) scams.
The latest announcement involved an operation dubbed “Killer Bee” which was led by Interpol with the assistance of Nigerian law enforcement as well as law enforcement agencies from 11 southeastern Asian countries culminated in the arrest of three Nigerian nationals.
Those arrested are suspected of using remote access trojans (RATs) to reroute financial transactions and steal account credentials. The three individuals arrested are believed to be part of a wider gang known for targeting large corporations, particularly those involved in the oil and gas industry.
While the announcement makes no mention of the gang's victims or the amount of money potentially stolen, it did go on to say traces of the RAT Agent Tesla were present on devices seized by law enforcement.
The malware first appeared on security researcher radars in 2014 and the past, the malware has used numerous methods to escape detection and analysis making any researcher’s job much harder. According to Qualys, “Agent Tesla mainly gets delivered through phishing emails and has capabilities such as keylogging, screen capture, form-grabbing, credential stealing, and more. It will also exfiltrate credentials from multiple software programs like Google Chrome, Mozilla Firefox, and Microsoft Outlook – making its potential impact truly catastrophic…The malware ..
Support the originator by clicking the read the rest link below.
