Interpol arrested three Nigerian men in Lagos, who are suspected of using the Agent Tesla RAT to reroute financial transactions and steal sensitive data.
Interpol arrested 3 Nigerian men in Lagos, as part of an international operation codenamed Killer Bee. The three men are suspected of using the Agent Tesla RAT to reroute financial transactions and steal confidential details from corporate organizations. The suspects, aged between 31 and 38, the police found them in possession of fake documents, including fraudulent invoices and forged official letters.

The list of victims includes oil and gas companies in South East Asia, the Middle East and North Africa.

Agent Tesla, first discovered in late 2014, is an extremely popular “malware-as-a-service” Remote Access Trojan (RAT) tool used by threat actors to steal information such as credentials, keystrokes, clipboard data and other information from its operators’ targets.
Both cybercriminal groups and actors involved in espionage operations use this RAT due to Agent Tesla’s stability, flexibility and functionality that allows for the collection of sensitive data and exfiltration from the victim.
The operation Killer Bee involved INTERPOL’s General Secretariat headquarters and National Central Bureaus (NCBs) and law enforcement agencies from 11 countries across Southeast Asia.

One of the fraudsters, Hendrix Omorume, has been charged and convicted of three counts of serious financial fraud, the two other men are still on trial. Omorume faces a one-year prison sentence.

“Through its global police network and constant monitoring of cyberspace, INTERPOL had the globally sourced intelligence needed to alert Nigeria to a serious security threat where millions could have been lost without swift police action,” said INTERPOL’s Director of Cybercrime, Craig Jones. “Further arrests and prosecutions are foreseen across the world as intelligence continues to come in and investigations unfold.”
Last week, the Interpol, the Nigeria Police Force, with the support of several cybersecurity companies (Group-IB, Palo Alto Networks Unit 42 and Trend Micro) has identified a 37-year-old Nigerian man that is believed to be one of the leaders of the SilverTerrier cybercrime group.

[출처 : SecurityAffairs / 5.30.]