APT-style attack against over 4,000 infrastructure firms blamed on lone Nigerian 20-something

'Get rich or die trying' seems to be working out for this fellow

18 Reg comments Got Tips?

A seemingly state-sponsored cyberattack aimed at more than 4,000 infrastructure companies has been blamed on a lone Nigerian cybercriminal.

The campaign started in April 2017, and has targeted some of the largest international organisations in the oil, gas, manufacturing, banking and construction industries. The global scale of the campaign and the organisations marked suggest an expert gang or state-sponsored agency is behind it.

Security researchers at Check Point have blamed the APT-style attack on a single Nigerian national in his mid-20s, living near the country's capital, Abuja. The crook is using fraudulent emails which appear to originate from oil and gas giant Saudi Aramco, the world's second largest daily oil producer, targeting financial staff within companies in attempts to trick them into revealing company bank details, or open the email's malware-infected attachment.

The miscreant used NetWire, a remote-access trojan which allows full control over infected machines, and Hawkeye, a key-logging program. The campaign has resulted in 14 successful infections, earning the criminal thousands of dollars through a class of fraud commonly known as business email compromise.

Maya Horowitz, threat intelligence group manager for Check Point, said: "Even though this individual is using low-quality phishing emails, and generic malware which is easy to find online, his campaign has still been able to infect several organisations and target thousands more worldwide. It shows just how easy it is for a relatively unskilled hacker to launch a large-scale campaign that successfully breaches the defences of even large companies, enabling them to commit fraud.

"This emphasises the need for organisations to improve their security to protect against phishing or business email compromise scams, and to educate employees to be cautious about opening emails, even from companies or individuals that they recognise."

Since uncovering the campaign and establishing its origins, Check Point's research team has shared its findings to law enforcement authorities both in Nigeria and internationally.

Business email compromise attacks have increased dramatically over the past 18 months. The FBI reported a 270 per cent rise in victims since the start of 2016. Victims lose $50,000 on average. This class of fraud is estimated to have cost organisations globally over $3bn from 2013 to 2016.


On his Facebook account, the crook uses the motto "get rich or die trying", referencing the song by rapper 50 Cent.


Biting the hand that feeds IT © 1998–2020