SilverTerrier

SilverTerrier is a code name for a syndicate of BEC cyber criminals. Identified by the Interpol's Global Financial Crime Taskforce to be from Nigeria, they are a syndicate of over 400 unique actors or groups accused of targeting thousands of organizations worldwide through business email compromise (BEC) scams.

Starting as far back as 2014 as novices, the cyber crime gang has used tens of thousands of financial scams dating back using several malware tools.

Background
In 2014, security researchers at Palo Alto Networks' Unit42 threat-intelligence coined the name SilverTerrier to describe novice Nigerian malware groups using business email compromise attacks to exploit organizations across several sectors and countries. By 2019, 81,300 malware samples by Nigeria's BEC groups were attributed to over 2,100,00 attacks. In 2019, the group was linked to over 400 threat actors, compared to 300 in 2018. They were observed to have gone from launching 28,000 BEC attacks per month in 2018 to 245,637 in 2019 towards organizations across many sectors.

They've been responsible for attacks on 50,000 different individuals and companies since inception.

They have been linked to several COVID-19 themed attacks consisting of fake orders for personal protective equipment, shipping delay notices for COVID-19-related items, fake vaccine-related news which come attached with malware.

Law Enforcement Activity
Due to the high profile of SilverTerrier, they garnered the attention of a wide range of Law Enforcement agencies. This eventually led to arrests of 11 individuals being made between December 13, 2021, and December 22, 2021, during an operation by the Nigerian Police Force and INTERPOL.

The arrests were a combined effort by Interpol's Cybercrime Directorate in Singapore, Nigerian law enforcement agencies, Group-IB and Palo Alto Networks.

The suspects were based in Lagos and Asaba, and were regarded as being part of the technical backbone of the operations, rather than low-level money mules.

According to a statement by the Assistant General of Police, Garba Baba Umar who doubles as the INTERPOL's vice president for Africa, "One of the arrested suspects was in possession of more than 800,000 user names and passwords. Another suspect had been monitoring conversations between 16 companies and their clients and diverting funds to ‘SilverTerrier’ whenever company transactions were about to be made".

In May 2022, Interpol announced the arrest 37-year-old Nigerian man in an international operation spanning four continents. The individual was regarded as the leader of the cybercrime syndicate. The police operation, codenamed Delilah, was initiated by an intelligence referral from several INTERPOL partners from the private sector: Group-IB, Palo Alto Networks Unit 42 and Trend Micro.