- The group has been actively targeting US enterprises and government institutions.
- The group uses various techniques to get its job done more easily and quickly.
Researchers have identified a highly sophisticated Nigerian business email compromise (BEC) gang that has managed to make millions of dollars through different BEC attacks. The group has been actively targeting US enterprises and government institutions.
The big picture
According to researchers from Agari Cyber Intelligence Division (ACID), the cybercrime group, dubbed Scattered Canary, has evolved over the past 10 years to perform large-scale criminal business fraud. The group came into existence in 2008 as a one-man operation running Craigslist and romance scams. Currently, the group includes at least 35 threat actors.
Scattered Canary has been actively involved in credential phishing operations that lead to BEC scams and credit fraud.
“Based on historical research into Scattered Canary’s operations, the group started with a single individual, who we call Alpha in this report. Alpha started out in the trenches of Craigslist scams with his mentor, Omega, who would expose Alpha to things like check fraud and romance scams,” said ACID researchers.
Scattered Canary’s entry into BEC scams
Scattered Canary’s BEC operations were first detected when the group targeted Agari’s Chief Financial Officer Raymond Lim in November 2018. Since then, the researchers have been closely tracking the group to get a close view of its attack techniques and procedures.
“Since its inception, at least 35 different actors have joined Scattered Canary in its fraudulent schemes. The group has turned to a scalable model through which they could run multiple types of scams at the same time. And with multiple tools designed to help them expand their operations and stay hidden from law enforcement, it is no wonder that they are seeing massive success,” added researchers.
The cybercriminal group uses various techniques to get its job done more easily and quickly. The techniques range from using phishing message templates to calling over VoIP phone numbers and hiding their real location through VPNs.
During their investigation, the researchers discovered 26 different message templates that were used by Scattered Canary crooks to target organizations.