Nigerian email scammers upped their game, averaging 90,000 attacks monthly in 2019

The "SilverTerrier" group has evolved into a mature hacking threat over the past five years, researchers say.

A group of Nigerian scammers blamed for email fraud accelerated their attacks last year by attempting an average of more than 90,000 attacks per month.

The hacking crew, dubbed SilverTerrier by security researchers, began around 2014 as a small group that experimented with easy-to-detect hacking tools. By 2019, though, it had evolved into a team of “mature cybercriminals” who have produced 81,300 malicious software samples connected to 2.1 million attacks, according to Palo Alto Networks findings published Tuesday.

SilverTerrier specializes in business email compromise attacks, the kind of email scam in which fraudsters impersonate a victim’s coworker or friend, then ask for wire transfers. It’s a relatively unsophisticated technique that nonetheless cost U.S. victims $1.7 billion in 2019, according to internet crime figures from the FBI. Nigeria, meanwhile, remains a hotspot, if separate indictments against dozens of Nigerian citizens from November and August last year are any indication.

The SilverTerrier group is partly responsible for a 1,163% uptick in attacks against the professional and legal services industry last year, according to the Palo Alto Networks research.


Researchers have traced a fraction of this activity to an individual, identified only as “Actor X,” who is living in Owerri, Nigeria, with a spouse and three children. The man graduated from the Federal University of Technology in Owerri before going on to complete a year of service with the National Youth Service Corps in Nigeria, according to Palo Alto. This individual is now in his early 40s and has registered more than 480 domains and 90 email addresses for nefarious purposes.

“[H]e appears to be active in the community and presents himself as a legitimate businessman, providing technical services,” the report notes. “Additionally, like many threat actors, he maintains accounts on Facebook and Skype, in which his contacts include friends, family, other malware actors, local law enforcement and prominent figures from his community.”

Actor X has targeted more than 2,600 victims, including 93 state, local and federal government entities in 31 U.S. states, researchers said.

The SilverTerrier hackers, like other groups, typically rely on remote-access trojan tools, which allow the attackers to siphon data from a victim.

“Leveraging these tools, Nigerian actors can modify systems, access network resources and perform common functions on behalf of compromised users,” the report notes. “Over the past five years, we have tracked SilverTerrier’s use of 13 different RAT families.”
