
Report Task 6

cyber security

Name : Tharaga Mulalo

Course : SANCS24 Talent Accelerator Program

SANCS24-1 Assignment

Task : # 6

Due date : 31 July 2024

Title : SilverTerrier

SilverTerrier
SilverTerrier is a Nigerian threat group that has been active since 2014. They have been
identified by Interpol's Global Financial Crime Taskforce as being from Nigeria, and they are a
syndicate of over 400 unique actors or groups. SilverTerrier is a code name for a syndicate of
BEC (Business Email Compromise) cyber criminals. BEC is the most common and costly
threat facing customers. They have targeted big organisations in sectors such as higher
education, high tech, manufacturing, healthcare and construction, and they have also targeted
western African countries. The group uses malware to attack its targets. The distribution of the
malware has grown over the past 2 years to its current rate of 5000-8000 attacks per month. The
group used phishing emails to compromise its targets. The SilverTerrier attackers are educated:
some went to technical secondary schools and hold undergraduate degrees from the Federal
University of Technology (FUTO), and they are in their mid 40s.

SilverTerrier uses several pieces of software to attack their targets, such as:


• Agent Tesla malware (S0331): Agent Tesla is a .NET-based Remote Access
Trojan (RAT) and data stealer for gaining initial access that is often used for
Malware-as-a-Service (MaaS). Agent Tesla is the leading malware that
organizations face.
• DarkComet (S0334): a Remote Access Trojan (RAT) application that runs in the
background and silently collects information about the system, connected users, and
network activity. It may not provide any indication of infection to the user, and it may
disable antivirus programs and other Microsoft Windows security features.
• Lokibot (S0447): it is classified as a credential harvester, infostealer and remote access
trojan (RAT). It is popular for its ease of use and effectiveness at gaining initial access
to target systems. It is also a malware-as-a-service (MaaS).
• NanoCore (S0336): the malware performs remote code execution (RCE) on a
victim's computer as a sophisticated second-stage malware called a remote access
trojan (RAT). Although NanoCore is usually delivered via infected Microsoft Office
documents, it has also been observed to be delivered via more sophisticated methods
such as in encrypted .zip/.zipx files, .iso disk image files, and binary image
files, to evade endpoint security products.
• NetWire (S0198): this software is a remote access trojan (RAT), which is
effectively a password thief and keylogger combined with remote control features.
• Predator Pain: also known as Hawkeye, it is a dangerous trojan and keylogger. It is also
malware that is used to steal information from PCs. It is mainly combined with other
malicious software to steal passwords from clients and web browsers.
• Pony: Pony is more than just code for cryptocurrency or credential theft; it is a
botnet controller that targets Windows machines. It also drops other viruses with
different tasks on infected machines.
• Zeus: they also used the Zeus trojan, which was first created in 2007, when hackers
in Eastern Europe used it to target the United States Department of Transportation. It
infects its victims through two primary vectors: phishing emails and malicious
downloads.
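
The NanoCore entry above names encrypted .zip/.zipx archives and .iso images as delivery containers chosen to get past endpoint scanning. The following is an added example, not part of the original report: a mail-triage sketch that flags such attachments. The function names, the sample message, and the ".img" extension are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
ARCHIVE_EXTS = {".zip", ".zipx"}
IMAGE_EXTS = {".iso", ".img"}  # ".img" is an assumed stand-in for "binary image files"

def zip_is_encrypted(data: bytes) -> bool:
    """True if any member has the encryption bit (bit 0) set in its flags."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage(raw_message: bytes) -> list:
    """Return (filename, reason) pairs for attachments that merit review."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        data = part.get_payload(decode=True) or b""
        if ext in ARCHIVE_EXTS or data[:4] == b"PK\x03\x04":
            if zip_is_encrypted(data):
                findings.append((name, "encrypted archive"))
        elif ext in IMAGE_EXTS:
            findings.append((name, "disk image attachment"))
    return findings

def build_sample() -> bytes:
    """Constructed test message: flagged zip, .iso, and a benign text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample")
    z = bytearray(buf.getvalue())
    # Set the encryption flag in the local and central headers (fixture only).
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        z[z.index(sig) + off] |= 0x01
    msg = EmailMessage()
    msg.set_content("See attached.")
    for name, body in (("invoice.zip", bytes(z)), ("scan.iso", b"\x00" * 64),
                       ("notes.txt", b"plain")):
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

An archive the scanner cannot open is the signal here: the contents stay unread, so the message is routed for review rather than judged clean.
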

The scope of the analytic effort has increased to include commodity malware families
employed by Nigerian actors. More than 30,000 samples of malware have been attributed
to roughly 300 unique actors or groups that continue to be tracked under the code name
SilverTerrier. A 45 percent increase in attacks from 2016 was recorded in 2017, with 17,600
attacks per month. The attackers' ability to surge also increased, peaking at 41,000 attacks
observed in August 2017. SilverTerrier actors preferred to use large target audiences, which
maximized the likelihood of success with very little risk. The SilverTerrier group never hid;
what they use to register their malware infrastructure is easily associated with their public
social media accounts on Google, Facebook, MySpace, Instagram and many dating and
blogging sites. Each SilverTerrier actor is unique and falls on a diverse spectrum when it
comes to career choices.
