Menu
Browse

Cyber Threat Actor: Capital

Actor Type Location Known Incidents
 Icon
Crime Syndicate
Nigeria
1 incident
Profile

The threat actor known as Capital is associated with Nigeria and has been linked to financially motivated cybercrime targeting the banking sector. The actor’s known alias appears in open‑source reporting of a 2022 incident in which a cooperative bank in Andhra Pradesh, India, was compromised. The strategic objective demonstrated in that case was monetary gain, as evidenced by fraudulent alterations of account balances and the subsequent transfer and withdrawal of funds.

The actor’s typical initial access vector involves phishing emails that deliver a remote access trojan (RAT) to employees of the target organization. In the reported incident the RAT was installed after exploiting the absence of a valid firewall license, missing intrusion detection or prevention systems, lack of phishing protections, absent virtual LAN segmentation, and insufficient employee cybersecurity training. Once the RAT provided unauthorized access, the attackers manipulated core banking systems to inflate balances in multiple accounts and routed the illicit proceeds to numerous domestic accounts before cashing out via a large‑scale ATM withdrawal campaign.

Attribution details from the investigation indicate that suspects from Nigeria and the United Kingdom were involved, using proxy IP addresses and virtual private networks to conceal their locations. Arrests included Nigerian nationals who handled account operations and fund distribution, while domestic accomplices assisted with the movement of money. The illicit proceeds were believed to be moved overseas through hawala networks or cryptocurrency transactions, suggesting a transnational criminal operation rather than a state‑sponsored effort. The 2022 attack on the Mahesh Co‑Operative Urban Bank serves as a representative example of the actor’s operational pattern.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources