Group-IB helped Interpol detain the leader of an international group of phishers


As part of the Delilah international operation, Group-IB experts provided law enforcement agencies with data that allowed them to identify the alleged leader of a group engaged in mass phishing mailings and compromising business email (Business Email Compromise, BEC). Thanks to the collected digital evidence, the Nigerian police were able to detain the cybercriminal, the company said in a press release.

Delilah is the third Interpol operation conducted in close cooperation with the Nigerian police, experts from Group—IB, Palo Alto Networks and Trend Micro, against members of the TMT hacker network (SilverTerrier). Delilah was preceded by Operation Falcon I in 2020 and Falcon II in 2021 — as a result, 14 alleged members of the group were arrested.

Group-IB has been monitoring the activities of the TMT criminal group since 2019. According to experts, by 2020 TMT has compromised more than 500,000 e-mail addresses of public and private companies in more than 150 countries around the world. For example, on the laptop of one of the suspects detained in Nigeria during Operation Falcon II, the police found more than 800,000 credentials of potential victims.

In May 2021, a police operation codenamed Delilah was initiated by experts from Group-IB, Palo Alto Networks — Unit 42 and Trend Micro. The data obtained was supplemented with information from analysts from the INTERPOL Cyber Fusion Centre and sent to Nigeria to complete the investigation with the support of law enforcement agencies in Australia, Canada and the United States.

As a result, the operatives were able not only to identify the identity of the suspect — the 37-year-old leader of the group (pictured), but also were able to remotely monitor all the actions of the attacker on the network, including monitoring his movements from one country to another. As a result, the Nigerian law enforcement agencies successfully detained the suspect at the Murtala Mohammed International Airport in Lagos, he was charged.

“Operation Delilah clearly demonstrates how effective the fight against cybercrime can be when all parties to the investigation are involved and interested in the result,” said Dmitry Volkov, CEO of Group—IB.

According to Volkov, the company is proud that law enforcement agencies have used the experience of Russian specialists.

Start a discussion …