Three suspected members of a notorious cybercrime ring have been arrested in Lagos for offences including scamming over half a million companies, globally.
The hackers, named TMT, are part of a larger group that distributes malware, phishing campaigns and business email compromise scams.
They were brought in after an investigation by Singapore-based cybersecurity firm Group-IB, Interpol and the Nigerian police force.
The suspects are alleged to have used phishing links and mass emailing campaigns under the guise of purchasing orders, product inquiries and even Covid-19 aid, infecting organisations and siphoning funds from businesses and individuals.
The group is also believed to have compromised government and private sector companies in more than 150 countries since 2017, including the U.S., Japan and the U.K., according to a statement from Group-IB on Wednesday.
Group-IB has been tracking the group since 2019 and is still investigating how the hackers monetised the data, though it’s common among criminals to sell such data in underground markets, the cybersecurity firm said.
Three individuals, age 32 to 35 were arrested by the Nigerian cybercrime police unit. The data discovered on their devices confirmed their involvement in the criminal scheme and identified stolen data from at least 50,000 targeted victims, according to the Nigerian police.
“This group was running a well-established criminal business model,” Craig Jones, Interpol’s cybercrime director said in the statement. “From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits. We look forward to seeing additional results from this operation.”