Interpol announced that three Nigerians who allegedly belong to a hacking group were arrested yesterday in Lagos, Nigeria. The gang has carried out numerous attacks around the world, with tens of thousands of victims. In a report describing its role in the investigation, the security company "Group-IB" stated that the three suspects are members of a hacking group known by the code name "TMT", which has been active since 2019.
Group-IB reports that the group's attacks mainly took the form of large-scale spam e-mail campaigns that delivered malware-laden files to potential victims. To send the spam, the group used the "Gammadyne Mailer" and "Turbo-Mailer" e-mail automation tools and then relied on "MailChimp" to track whether recipients opened the messages. The attached archives contained various malware strains that gave the attackers access to infected computers, where they focused on stealing credentials from browsers, e-mail clients and FTP clients.
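The campaign pattern described above (an HTML lure carrying a remote open-tracking image, plus an archive attachment hiding an executable) is something a mail gateway or incident responder can check for mechanically. The following Python script is an added example, not code from the page, Group-IB or Interpol: it parses a message with the standard library, flags 1x1 remote images as possible open trackers, and unpacks ZIP attachments to look for executable extensions, double extensions and PE ("MZ") headers regardless of the member's name. The message it inspects is constructed inline (the sender, tracker domain and archive contents are made up for the demonstration); the tracking-pixel regex is a simple heuristic, not a description of MailChimp's real tracker format.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that should not arrive as an "invoice" inside an archive.
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js",
                   ".jse", ".vbs", ".wsf", ".hta", ".jar", ".dll")

# Heuristic (assumption, not a vendor format): an <img> with a remote src
# and a 1-pixel width or height is treated as an open tracker.
TRACKING_IMG_RE = re.compile(
    r'<img[^>]+src="(https?://[^"]+)"[^>]*(?:width="1"|height="1")', re.I)


def archive_findings(data: bytes) -> list:
    """Inspect a ZIP payload and list members that look like droppers."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid zip archive"]
    for info in zf.infolist():
        name = info.filename
        lower = name.lower()
        if lower.endswith(EXEC_EXTENSIONS):
            findings.append(f"{name}: executable extension")
        # "invoice.pdf.exe" -> ["invoice", "pdf", "exe"]: a double extension
        parts = lower.rsplit("/", 1)[-1].split(".")
        if len(parts) > 2:
            findings.append(f"{name}: double extension")
        # Check the content, not the name: a renamed PE still starts with MZ
        with zf.open(info) as fh:
            if fh.read(2) == b"MZ":
                findings.append(f"{name}: PE header (MZ)")
    return findings


def triage_message(raw: bytes) -> dict:
    """Walk a raw RFC 822 message and report tracker images and bad archives."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"sender": str(msg["From"]), "tracking_pixels": [],
              "archive_findings": []}
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            report["tracking_pixels"] += TRACKING_IMG_RE.findall(part.get_content())
        elif part.get_content_disposition() == "attachment":
            payload = part.get_payload(decode=True) or b""
            fname = part.get_filename() or "<unnamed>"
            if payload[:2] == b"PK":  # ZIP magic, independent of the filename
                report["archive_findings"] += [
                    f"{fname} -> {f}" for f in archive_findings(payload)]
    report["suspicious"] = bool(report["archive_findings"])
    return report


def build_sample() -> bytes:
    """Constructed sample message (not real campaign data): an invoice lure
    with a 1x1 tracker image and a ZIP holding a disguised executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)  # fake PE stub
        zf.writestr("readme.txt", b"please see the attached invoice")
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "finance@example.invalid"
    msg["Subject"] = "Invoice 2048 overdue"
    msg.set_content("Please open the attached invoice.")
    msg.add_alternative(
        '<p>Please open the attached invoice.</p>\n'
        '<img src="https://tracker.example.invalid/open?id=42" width="1" height="1">',
        subtype="html")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice_2048.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for key, value in triage_message(build_sample()).items():
        print(f"{key}: {value}")
```

The archive check deliberately reads the member's first bytes rather than trusting its name, since the lure relies on the recipient reading "invoice.pdf" and not the ".exe" after it. The tracker check alone is only a weak signal (legitimate newsletters use the same technique), which is why the final verdict keys off the archive findings.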
According to Group-IB, the group relied solely on publicly available malware strains such as AgentTesla, Loky, AzoRult, Pony and NetWire, which can be downloaded for free or bought cheaply on underground forums.
Once the hackers had obtained credentials, they carried out BEC (business email compromise) attacks, a form of fraud in which companies are tricked into making payments to accounts controlled by members of the group.
Interpol and Group-IB say their ongoing investigation has identified more than 50,000 organizations infected with the group's malware. In total, more than 500,000 public and private companies in over 150 countries received e-mails from the group. Group-IB also noted that the group was organized into many smaller subgroups and that many of its members are still at large.
It is worth noting that a Group-IB representative stated that the group whose members were arrested in Nigeria is not the same "TMT" group that a 2019 Advanced Intel report described as one of the main distributors of REvil ransomware.