An international cyber-crime ring known as Operation Triangle, credited with pilfering $6 million in a complex phishing-man-in-the-middle-malware-money laundering scheme, has been dismantled by a joint international law enforcement operation.
Europol's European Cybercrime Centre (EC3) and Eurojust, led by the Italian Polizia di Stato (Postal and Communications Police), the Spanish National Police, the Polish Police Central Bureau of Investigation, and supported by UK law enforcement bodies, hunted down 49 suspects in six countries, searching 58 properties.
A coordinated raid resulted in authorities seizing laptops, hard disks, telephones, tablets, credit cards and cash, SIM cards, memory sticks, forged documents and bank-account documents.
Operation Triangle, a group of cyber-criminals active in Italy, Spain, Poland, the United Kingdom, Belgium and Georgia, used a multi-step modus operandi to carry out the fraud. It carried out repeated cyber-intrusions against medium and large European companies through social engineering/phishing techniques and MiTM hacks, stealing credentials for internal email accounts. Once access to companies’ corporate email accounts was secured, the offenders monitored communications to detect payment requests.
From there, the cyber-criminals asked the company’s customers to send their payments to bank accounts controlled by the criminal group. Once made, those payments were immediately cashed out, probably using money mules from Nigeria, Cameroon and Spain, who transferred the illicit profits outside the European Union through a sophisticated network of money laundering transactions.
It’s a great win for Europol et al., which have a notoriously difficult task in tracking down the perpetrators of location-less crime.
To enable swift coordination and communication between the different officers involved in this transnational operation, a coordination centre was established at Europol’s headquarters in The Hague. Representatives from law enforcement agencies participating in the action day were present in the coordination centre, facilitating international information exchange along with Eurojust. At the same time, Europol specialists provided operational support on the ground in Italy and Spain, through the deployment of Europol mobile offices.
The situation should put enterprises on notice regarding funds-transfer social engineering. “There are many variations of scams that use social engineering to convince targets to wire funds to bank accounts controlled by the fraudsters,” Brad Taylor, CEO at Proficio, told Infosecurity. “Some use similar domain names to trick targets into thinking they are receiving a legitimate email from their manager or a vendor with a request to transfer funds. Organizations should educate their finance teams to be aware of such attacks and identify suspicious, lookalike email domains and block them.”