One lone hacker operating out of Lagos, Nigeria is behind attempts to hack into over 4,000 organizations across the globe using basic techniques and antiquated tools, according to an investigation by researchers at Check Point.
The attacker's modus operandi is laughably simple in the eyes of a trained security professional, but they have been successful in at least 14 cases confirmed by researchers.
The attacks start with the hacker sending simple emails to a company's public or generic addresses. The attacker doesn't even try to stylize and craft professional looking email lures. He uses a generic subject line "Dear Sir/Ms.", asks for other contact information, and sends mass emails to all email addresses at the same time.
While the attacker poses as a representative of Saudi oil and gas giant Aramco, the attacker uses Yahoo emails to approach victims (e.g.: firstname.lastname@example.org, and email@example.com).
The Nigerian hacker specifically targets the staff in the organizations' financial department. If anyone responds, the attacker either tries to trick the victim into revealing bank account details, which he'll later use to commit fraud and trick employees into sending funds to his own bank account.
In addition, experts say they've seen the hacker also deliver malware-infected documents. The malware included with these documents is old and easily detectable by security software and readily available online, either cracked or open-sourced.
Check Point says it's seen this actor use the Netwire remote access trojan and the Hawkeye keylogger.
The simplicity and efficiency of these attacks is stunning, but not surprising. Previously, Bleeping Computer has covered the trend of Nigerian hackers moving from classic spam and phishing attacks to more complex operations involving RATs, keyloggers, and other forms of more advanced malware.
Security researcher MalwareHunter spoke to Bleeping Computer and said this lone hacker is just one of the many actors he sees on a daily basis. Check Point says that in the past four months, they've identified evidence of this hacker's attacks aimed at 4,000 organizations.
The company says that some of the hacker's biggest targets are a marine and energy solutions company in Croatia, a transportation company in Abu Dhabi, a mining company in Egypt, a construction company in Dubai, an oil & gas firm in Kuwait, and a construction organization in Germany.
In addition, the hacker also attacked organizations in the banking sector, manufacturing, and others. Researchers believe the attacker made thousands of dollars from his criminal activity.
Just like many fellow Nigerian hackers, the attacker was careless with his personal operation security. Experts say they tracked and identified his real life persona, a mid-20 man operating from a location near the capital of Nigeria, and have even discovered some of the attacker's social media profiles.
Article title updated to reflect the fact that the attacker attempted to hack into approximately 4,000 organizations, but breached only 14. The original title stated that the attacker breached 4,000 organizations. Bleeping Computer regrets the error.