Posted on April 20, 2018 by Ashleigh Cowie
Security experts have uncovered a Nigerian hacking ring targeting maritime companies from across the world to steal millions of dollars.
Researchers at the Secureworks Counter Threat Unit (CTU) said the previously unidentified group, "Gold Galleon", specialises in business email compromise (BEC) and business email spoofing (BES) fraud to trick its victims into handing over the money.
Whereas traditional hacking rings focus on reaching as many companies as possible, this ring has specifically been targeting maritime companies, their associates, and their customers.
According to the research, the hackers attempted to steal over $3.9 million between June 2017 and January 2018. The report found that, on average, the hackers were attempting to steal around $6.7 million per year.
The types of scam are of a higher standard than normal email scams; messages are designed to appear to be from legitimate employees, contacts and associates, making the recipient much more susceptible to the fraud.
The emails persuade the user to download malicious documents containing malware payloads or visit insecure web pages.
The ring then steals the data from the victim, and has actors on hand to intercept genuine business email exchanges.
Once email credentials are stolen, threat actors can intercept genuine business email exchanges, alter orders or financial details, and quietly reap the rewards.
For example, a compromised email account belonging to a company executive could be used to send a fraudulent request for a wire transfer to the employee who handles such requests. The staff member may not immediately question this request, and then money is sent to an account controlled by the threat actor.
Maritime firms are particularly easy to manipulate over email, as differences in time zones mean email is the most frequently used form of communication.
The hackers can use remote access software, keyloggers and password stealers to steal the data.
The group has already targeted companies operating in South Korea, Japan, Singapore, the Philippines, Norway, the US, Egypt, Saudi Arabia, and Colombia.
Investigators believe the group has several figureheads pushing out tasks to approximately 20 other group members.
CTU researchers say that the senior figures in Gold Galleon also mentor other less-experienced hackers and liaise with traders of malware.
In one case, Gold Galleon attempted to exploit a shipping company based in South Korea. The group managed to steal the credentials of eight email accounts linked to the firm.
These credentials were then used to send a fraudulent request for $50,000 for the purpose of "crew wages" to a "cash to master" (CTM) service partner. The attempt was unsuccessful.
Communication between the threat actors and the phrases they use when communicating online have linked Gold Galleon to the Buccaneer Confraternity group, which was originally set up to support human rights in Nigeria.