EXECUTIVE SUMMARY:
What has appeared to be the work of an expert gang or state-sponsored agency in carrying out a series of cyber attacks on a global scale is something else entirely. Instead, the mastermind turns out to be a lone Nigerian man in his mid-20s. He has targeted more than 4,000 companies in the energy, mining, and infrastructure sectors–and earned thousands of dollars in the process. His motto, posted on his Facebook account: ‘Get rich or die trying.’
The campaign, which began in April 2017, uses fraudulent emails that appear to originate from oil and gas giant Saudi Aramco, the world’s second largest daily oil producer. The emails are crude and unsophisticated, with little-to-no effort made toward social engineering. Moreover, the hacker uses a combination of generic messaging, malware that is old and readily available, and freeware to ‘scrape’ email addresses from corporate websites, which he then uses as targets. Essentially, it’s the hacker’s version of using string and duct tape to pull off a major heist.
Check Point researchers uncovered the cyber criminal’s identity. In the process, they noted the ease with which a relatively unskilled individual can launch a campaign that successfully breaches even large companies–despite a primitive approach. Since identifying the cyber criminal behind the attacks, Check Point’s research team has notified law enforcement authorities in Nigeria and internationally.
