Network security firm SecureWorks has raised an alarm over a Nigerian hacker group called Gold Galleon. The report revealed that Gold Galleon is a group of 20 individuals who work together to hack maritime firms all over the world using basic techniques, and that it has become a menace to shipping firms, bleeding them of thousands of dollars.
They rent hacking tools for just a few dollars per month and communicate via Skype. They identify targets using online company directories and commercially available contact lists.
The group does not target a wide range of businesses; it targets solely global maritime shipping businesses and their customers.
The report also revealed that between June 2017 and January 2018, Gold Galleon attempted to steal a minimum of US$3.9 million from maritime shipping businesses and their customers. The threat actors’ theft attempts average $6.7 million per year.
How the hacker group works
Once the group has identified a new target, it sends a spearphishing email carefully tailored to the recipient.
The email has an attachment containing malware, which deploys on the unsuspecting victim’s computer and logs his or her keystrokes, recording the username and password for the victim’s business email account.
Once the account is compromised, the group uses a software tool to collect all the email addresses with which that user has had an interaction, and it sets itself up to intercept business transactions between the user and his or her clients.
Many maritime firms use email to handle invoicing and payment details. When the group sees payment details relayed on an invoice in a compromised email account, it intercepts the invoice and alters the account numbers to direct the money to its own “mule” bank account instead.
It uses a similarly worded email address to send the altered request on its way to the intended recipient. Often, the buyer will not detect the change to the sender’s email address and the bank details, and will simply pay the fraudulent invoice.
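A check a buyer's accounts-payable process could run against the fraud described above, as an added example that is not part of the original article or the SecureWorks report: it flags an invoice email whose sender address merely resembles a known partner's, or whose bank details differ from those on record. The partner list, addresses, account numbers and the edit-distance threshold of 2 are constructed assumptions.

```python
# Constructed sample data: known partner address -> bank account on record.
KNOWN_PARTNERS = {
    "accounts@oceanfreight.example": "GB00TEST00000012345678",
    "billing@harborlines.example": "DE00TEST00000087654321",
}

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def closest_partner(sender, max_distance=2):
    """Return the known address the sender imitates, or None if none is close."""
    best = min(KNOWN_PARTNERS, key=lambda known: edit_distance(sender, known))
    distance = edit_distance(sender, best)
    return best if 0 < distance <= max_distance else None

def check_invoice(sender, account):
    """Return a list of findings for one invoice email; an empty list means no flag."""
    sender = sender.strip().lower()
    account = account.replace(" ", "").upper()
    findings = []
    if sender in KNOWN_PARTNERS:
        # Genuine address: the mailbox itself may be compromised, so still
        # compare the bank details with the record.
        if account != KNOWN_PARTNERS[sender]:
            findings.append("bank details differ from record for " + sender)
        return findings
    imitated = closest_partner(sender)
    if imitated is None:
        findings.append("sender not a known partner")
        return findings
    findings.append("sender resembles known partner " + imitated)
    if account != KNOWN_PARTNERS[imitated]:
        findings.append("bank details differ from record for " + imitated)
    return findings

if __name__ == "__main__":
    # Constructed lookalike: "frieght" instead of "freight", new account number.
    for finding in check_invoice("accounts@oceanfrieght.example", "GB00TEST00000099999999"):
        print(finding)
```

Any finding should hold the payment until the bank details are confirmed through a contact channel already on record, not through the email thread that carried the invoice.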