As three members of the cybercriminal group TMT were recently arrested, details emerge around the breadth and depth of their attacks from a year-long Interpol investigation.

The cybercriminal group known as TMT are responsible for attacks on nearly half a million government and private sector companies, according to Group-IB. Last month, Interpol’s year-long investigation, known as “Operation Falcon” resulted in the arrests of three Nigerian individuals.

According to reports, TMT’s cyberattacks have involved malware distribution, phishing, and extensive BEC fraud. While most of their phishing scams were sent via web-based mailing platforms, it was noted that compromised email accounts were also used to send phishing messages –one of the key elements in establishing credibility within BEC scams.

The group utilized over 26 different pieces of malware, spyware and remote access tools. TMT used them to infiltrate and monitor the systems and applications of victim organizations to gather intel, then launching scams and syphoning funds.

Dubbed a “well-established criminal business model” by Interpol, TMT represents what’s both possible in cybercriminal groups, as well as what exists today.

TMT relied heavily on phishing and spear phishing attacks as the initial attack vector, putting your user directly in the crosshairs. It’s imperative that your users undergo Security Awareness Training as a means of reducing the attack surface by having a vigilant user at the keyboard. TMT continues to operate, as these three are just the first to be arrested. Realizing the effectiveness of such organizations should be reason enough to get started on improving your security stance.