Operation Triangle, a complex man-in-the-middle phishing scheme that made away with $6 million and laundered the proceeds, was comprehensively dismantled by a joint international law enforcement raid coordinated across Europe.

Fifty-eight search warrants were executed, and the items seized from suspects included hard disks, telephones, laptops, credit cards, SIM cards, bank documents, forged documents and memory sticks. Of the 49 alleged cybercriminals, 20 were arrested in Italy, 18 in Poland, 10 in Spain and one in Belgium, making the bust a truly international operation.

The bust

To ensure proper communication and swift coordination across the various agencies involved, a centralized coordination hub was set up at Europol’s headquarters in The Hague. The European Cybercrime Centre (EC3) and Eurojust, led by the Italian Polizia di Stato, the Polish Central Bureau of Investigation and the Spanish National Police, were all involved in the bust.

Operation Triangle

Cybercriminals active in Italy, Spain, the United Kingdom, Poland, Belgium and Georgia used multiple steps to carry out the complex phishing and malware scam dubbed Operation Triangle. Here’s how they carried out their attack.

Medium and large European companies were first targeted before concentrated, repeated cyber-attacks were carried out.

These cyber-attacks used phishing techniques and man-in-the-middle attacks to steal credentials for the companies’ internal accounts.

With the corporate email accounts hacked, the attackers monitored email correspondence for payment requests.

Once critical payment communication was intercepted, the attackers reached out to the company’s customers, tricking them into sending payments to bank accounts under the control of the cybercriminal group.

As soon as the payments were wired through, the money was withdrawn, presumably by using money mules in various countries including Spain, Cameroon and Nigeria.

The ill-gotten gains, totaling up to $6.8 million, were then transferred outside the European Union through what Europol deemed “a sophisticated network of money laundering transactions.”

The incident puts the spotlight on funds-transfer social engineering scams. “There are many variations of scams that use social engineering to convince targets to wire funds to bank accounts controlled by the fraudsters,” said Brad Taylor, a cyber-security expert.

“Some use similar domain names to trick targets into thinking they are receiving a legitimate email from their manager or a vendor with a request to transfer funds. Organizations should educate their finance teams to be aware of such attacks and identify suspicious, lookalike email domains and block them.”