In Lagos, Nigeria, three Nigerian nationals were arrested for their involvement in a widespread Business Email Compromise (BEC) campaign. The three men were also allegedly involved with a large organized crime group known as TMT, which is known to be involved in cybercrime such as phishing attacks, malware distribution, and extensive BEC fraud. The three men arrested were likely responsible for setting up phishing links and mass mailing campaigns to perpetrate BEC attacks. The attacks delivered 26 malware families, including spyware and remote access tools (RAT) to victims.
Some of the malicious tools deployed by TMT include AgentTesla, Loki, Spartan, Remcos RAT, and Azorult. The campaigns aimed to launder funds and scam victims into providing sensitive details related to banking and finances. Devices belonging to the three arrested TMT members have helped law enforcement to identify over 50,000 victims, although it is likely there are thousands more. The members were arrested as part of an investigation conducted by Interpol and Group-IB targeting cybercrime. Group-IB has been tracking TMT and its subdivisions for over a year.