Menu
Browse

Cyber Threat Actor: SilverTerrier

Actor Type Location Known Incidents
 Icon
Crime Syndicate
Nigeria
3 incidents
Profile

SilverTerrier is a Nigerian‑based cybercrime group that has been active since at least 2014 and is known by the alias SilverTerrier. The group primarily targets organizations in the technology, higher education, and manufacturing sectors, as indicated by open‑source reporting on its activity profile. Its operations are motivated by financial gain, with observed attempts to fraudulently redirect funds and to harvest credentials for resale. Law enforcement agencies from four continents have cooperated in investigations targeting the group’s members.

The group's typical tactics include business email compromise schemes in which attackers impersonate trusted suppliers to request changes to bank account details, as seen in the February 2021 incident against the Chilean state‑owned oil company ENAP. After gaining initial access through deceptive emails, SilverTerrier has also compromised internal email systems to send large volumes of spam messages from compromised accounts, thereby extending the reach of its fraud. In addition, the group has deployed phishing kits hosted on legitimate domains, such as the Nigerian National Assembly website in March 2019, using fake security seals and official imagery to harvest user credentials for monetary profit. These methods rely on social engineering and the abuse of trusted communication channels rather than on specific malware families.

Notable publicly reported operations include the BEC attempt on ENAP, where the attackers posed as a supplier, induced a fraudulent wire transfer, and subsequently used the compromised director’s mailbox to distribute spam containing malicious links. Another representative campaign involved the prolonged hosting of a DHL‑themed phishing kit on a Nigerian government domain, which remained active for over two weeks and collected credentials for sale. The group is estimated to have posed a threat to more than fifty thousand potential victims, and Nigerian authorities have arrested individuals believed to be associated with SilverTerrier, including an upper‑ranking member and a group of eleven suspects linked to the organization in early 2021. These actions demonstrate the group's persistent focus on financially driven cybercrime across multiple geographic regions.

Attribution to SilverTerrier is based on its self‑identified Nigerian origin and the pattern of its criminal activity; no credible public source has linked the group to a state sponsor or to a larger cybercriminal consortium. The group's members have been pursued by law enforcement in Nigeria and internationally, reflecting a transnational criminal network rather than a state‑aligned entity. Its continued use of established fraud techniques and its adaptation to exploit trusted online services underscore its ongoing threat to targeted industries.

Incidents
Attributed incidents available to members
3 incidents
Sources
Sources available to members
2 sources