Three Men Accused to Have Participated in a Scheme to Launder the Profits of a BEC Attack

Last week, the U.S. District Court for the Eastern District of Virginia has accused three men of and aggravated identity theft as part of a Business Email Compromise (BEC) campaign.

What Is BEC?

As explained by my colleague Dora, Business Email Compromise (BEC)

The end goal of a BEC is to persuade the target to make a money transfer or send sensitive data to the attacker while believing they are executing a legitimate and regular business operation.

According to BleepingComputer, between January 2018 and March 2020, Onyewuchi Ibeh, 21, of Bowie, Maryland, Jason Joyner, 42, of Washington, D.C., and Mouaaz Elkhebri, 30, of Alexandria, Virginia, hacked the corporate networks of small and large businesses in the United States and around the world.

Operation Mode

Through phishing attacks or malware deployment, the three individuals compromised their victims’ computer systems, including their email servers and email accounts.

Following the initial attack, the spent several months blocking communications and learning everything they could about payment systems, communication patterns, distributors, customers, people in charge

Read More: https://heimdalsecurity.com/blog/three-men-accused-to-have-participated-in-a-scheme-to-launder-the-profits-of-a-bec-attack/