According to a Check Point Research Team investigation, a Nigerian man attacked 4,000 companies in the energy, mining, and construction sectors in several countries, including Croatia, Abu Dhabi, Egypt, Kuwait, and Germany, over a period of four months. The Nigerian didn’t use any sophisticated method but was able to infect the companies’ networks, steal their data, and commit fraud by using emails that lacked proper social engineering. The malware used in the email is called NetWire. The attacker also used a freeware scraping tool to obtain email addresses. Check Point did not reveal the magnitude of the attack or the damage from it.
The researchers at Check Point found that the Nigerian man used simple phishing emails made to look like those sent by Saudi Arabian oil giant Saudi Aramco, and targeted the financial sources inside victim companies. The email, sent with a Sir/Ms. opener to multiple people, drops malware when opened, or tricks the recipient into replying with their banking details. The emails indicated that the hacker is not extremely skilled and even lacks an understanding of social media.
In revealing the attacker's identity, Check Point said that the man behind the attack is a Nigerian national who uses the 50 Cent line “Get Rich or Die Tryin” as his social media motto. In its report, Check Point wrote, “The malware used is NetWire, a remote access Trojan which allows full control over infected machines, and Hawkeye, a keylogging program. The campaign has resulted in 14 successful infections, earning the criminal thousands of dollars in the process.”