Tale of a Nigerian Hacker and 4,000 Organisations in his Target List

What the Hack

The world-renowned cyber security vendor Checkpoint recently conducted a case study on a wave of cyber attacks on oil & gas, mining, and infrastructure companies.

Nigerian Hacker

Over the past 4 months, over 4,000 organizations globally have been targeted by cyber-attacks which aim to steal data and commit fraud.

Organizations targeted during the campaign include:

  • A marine and energy solutions company in Croatia
  • A transportation company in Abu Dhabi
  • A mining company in Egypt
  • A construction company in Dubai
  • An oil & gas firm in Kuwait
  • A construction organization in Germany

Industry experts usually consider successful attacks on such a large scale to be the work of expert gangs of cyber criminals, sometimes backed by a state, with the aim of destabilizing economies.

Following extensive research, Checkpoint security researchers were astonished to learn the identity of the man behind this – “a relatively unskilled man in his mid-20s, operating from a location near the capital of Nigeria”.

The Nigerian hacker, working on his own, targets financial staff within companies to trick them into revealing company bank details and to commit fraud. The hacker uses fraudulent emails which appear to be sent from oil and gas giant Saudi Aramco.

The campaign has resulted in 14 successful infections, earning the cyber-criminal thousands of dollars in the process.

You may be interested to know what’s in his kit. Researchers at Checkpoint confirm that the Nigerian hacker achieved 14 successful infections with nothing more than NetWire, a remote access Trojan which allows full control over infected machines, and Hawkeye, a keylogging program.

His fraudulent emails are unpolished and unsophisticated, urging victims to send back banking details, perhaps for future scams. The attacks were launched from the email addresses sale.cement_till_tw@yahoo.com and cciticarinternational@yahoo.com.

In addition to the financial losses resulting from the attack, the malware used by the criminal to infect organizations gives remote control over infected machines, and can perform keylogging functions or even harvest a variety of information from infected machines, such as details on the companies’ operations, assets and intellectual property.

Checkpoint, however, did not publicly disclose the identity of the cyber-criminal, but has informed law enforcement so that it can take charge of the case.