GRTech
How Nigerian hackers steal thousands of dollars from shipping firms


Nigerian hackers, grouped as Gold Galleon, are menacing shipping firms and bleeding them of thousands of dollars. Network security firm Secureworks has red-flagged the group, whose focus appears solely to be the maritime industry. The group, according to a report by Maritime Executive, an online platform, uses basic email scams and publicly available hacking software to try to steal hundreds of thousands of dollars from unsuspecting ship managers and service providers.
Secureworks said Gold Galleon is a group of about 20 individuals who work together to hack maritime firms all over the world using basic techniques. They rent hacking tools for just a few dollars per month; they communicate via Skype; and they identify targets using online company directories and commercially-available contact lists. While the criminal gang uses an online proxy service to disguise its location, several cues indicate that it is of Nigerian origin, Secureworks said. The group communicates in pidgin, an English creole language, and it uses phrases assocated with a Nigerian social organization called the “Buccaneeers Confraternity” for usernames and passwords.
Once the group has identified a new target, it sends a spearphishing email carefully tailored to the recipient. The email has an attachment containing malware, which deploys on the unsuspecting victim’s computer and logs his or her keystrokes, recording the username and password for the victim’s business email account. Once the account is compromised, the group uses a software tool to collect all the email addresses with which that user has had an interaction, and it sets itself up to intercept business transactions between the user and his or her clients. Many maritime firms use email to handle invoicing and payment details.
When the Gold Galleon group sees payment details relayed on an invoice in a compromised email account, it intercepts the invoice, alters the account numbers to direct the money to its own “mule” bank account instead, and uses a similarly-worded email address to send the altered request on its way to the intended recipient. Often, the buyer will not detect the change to the sender’s email address and the bank details, and will simply pay the fraudulent invoice.
GRTech
Nigeria’s Biggest Tech Conference Opens in Enugu
Minister Bosun: I’ve never seen anything so big | Mbah: We’re driven by the knowledge that the future is technology, reports SANDRA ANI


The 2025 Enugu Tech Festival being organised by the Enugu State Government kicked off on Wednesday with the Minister of Communications, Innovation, and Digital Economy, Dr. Bosun Tijani, describing it as the biggest technology conference that has ever happened in Nigeria.
Tijani said the Tech Festival, which attracted thousands of youths from within and outside the state, was a major leap for Nigeria’s determination to build a robust digital economy, noting that Enugu State under Governor Peter Mbah, had moved from policy to progress to lead the tech revolution in Nigeria.
This was even as Governor Peter Mbah urged the youths to embrace technology, insisting that the future is technology.
Speaking, the Minister said that the Tech Festival, tagged Coal to Code, fitted into the agenda and activities of the Federal Ministry of Communications, Innovation and Digital Economy, having recognised that the future of digital economy in Nigeria would not only be built in Abuja, but would instead be co-created across all states.
“Enugu is showing how this should and will be done. I have never, never been to a conference on technology in Nigeria that is this big. I founded the first technology hub in Nigeria, the very first in Nigeria. So, I know a thing or two when technology people gather. I can assure you that today, you are part of history because we have never seen anything this big in Nigeria before.
“There is something powerful about your state: the energy, the ambition, the possibilities. Just two years ago, only a few people could imagine this kind of tech momentum. But today, Enugu has not just imagined, Enugu is building it. Under two years, we have seen investment in digital infrastructure, and the innovation ecosystem of the state.
“What is happening today in Enugu is part of something bigger. We are now witnessing a generational rise, not one where people complain and protest, but one where creativity is used to shape the future. Not just with passion, but with precision,” he stated.
While commending the participants for rising to “create the kind of Nigeria the world will pay attention to,” Tijani called for collaboration, commitment, and hard work by all stakeholders to make it happen.
“Progress is not automatic, but needs all of us. It needs the government to continue to be brave. It needs the private sector to invest deeper. It needs mentors, builders, teachers, and it needs leaders,” he concluded.
Speaking, Governor Mbah, while highlighting how his administration had invested in technology to dramatically revolutionise security, land administration, education, among others, noted that the Enugu Tech Festival was part of his government’s wider efforts to build the youth of the state into wealth creators and highly sought-after workforce of tomorrow’s workplace.
“The power of technology and innovation and what we can accomplish is something that I want the youths to be mindful of. If you look at the way things are being done in the world today, we are now talking about an era where people just sit down with great ideas, create platforms where they begin to essentially benefit from that platform.
“An example is the Uber that came and disrupted the city taxi without owning a key. Today, they provide by far the largest traffic just by creating a platform. You can extend that to Airbnb. Without owning a key, these guys have disrupted the business of those who own several brick and mortar houses. You can also extend that to Tesla. That is the power of technology. This shows essentially that technology is where the future is,” he emphasised.
In his remark, the Commissioner for Innovation, Science and Technology, Dr. Lawrence Ezeh, said the Enugu Tech Festival, which would now become an annual event, underscored a paradigm shift from the old Enugu known for coal to one that has become a rising force in Nigeria’s tech-driven future, a beacon of innovation, intellectual capital, digital enterprise, and endless possibilities.
“For decades, our identity was built on coal, a resource that powered Nigeria’s industrial rise. But today, we stand in a different kind of power—the power of knowledge, innovation, and technology,” he stated.
Also at the event were the Minister of Youth Development, Ayodele Olawande; Speaker, Enugu State House of Assembly, Hon. Uchenna Ugwu; former Minister of Science and Technology, Prof. Barth Nnaji; Chairman of Zinox Technical, Leo Stan Ejeh; and the Group Managing Director, Afrinvest, Dr. Ike Chioke, among a host of others.


Governor of Enugu State, Dr Peter Mbah has inaugurated the South East zonal office of the National Information Technology DevelopmentAgency, NITDA, saying it would open a new horizon for the youths of the region and move the nation closer to diversifying the economy.
Commissioning the office located at Nigeria Construction and Furniture Company (NCFC) Building at Onitsha Road, GRA, Enugu, Mbah commended the Minister of Communications, Innovation and Digital Economy, Dr. Bosun Tijani, and the Director-General of NITDA, Kashifu Abdullahi, for the initiative, promising close collaboration with the Ministry and Agency.
“The call to diversify our economy, both at the national and the subnational levels has never been more compelling than now; and there are a few sectors that hold the opportunities for us to accomplish that like the information and technology space.
“But, just having the opportunity without bringing them to fruition won’t just cut it for us. The fact that opportunity exists, we must then take steps; and for me, I think that is what this NITDA presence in Enugu represents.
“It is an opportunity for our teeming young people to have the platform to imbue themselves with lifelong skillsets that would prepare them for the dynamic global workplace of today and tomorrow,” he stated.
Speaking earlier, the Minister of Communications, Innovation, and Digital Economy, expressed delight at what he described as an extraordinary technological revolution in Enugu State, saying the NITDA South East Zonal Office would serve as a permanent bridge between national policy and local potential.
“In just under two years, this state has emerged as one of Nigeria’s most promising frontiers for innovation. What we are witnessing here is not just progress—it is momentum; and I am proud that today, we are adding fuel to that momentum.
“This commissioning of the NITDA Regional Office in Enugu is far more than the opening of a building. It is the establishment of a permanent bridge between national policy and local potential.
“It is a strategic move under the Renewed Hope Agenda of President Bola Ahmed Tinubu — a commitment to decentralising opportunity, deepening inclusion, and unlocking the full power of Nigeria’s digital economy across every region.
“By placing NITDA closer to the people, right here in the South East, we are saying clearly: no region should have to wait for innovation to reach them. Innovation must grow with them.
“This new office will serve as an engine room for digital skills development, through programs like the Three Million Technical Talent initiative; support for startups and indigenous tech solutions; regulatory advisory to help businesses thrive within the frameworks that protect Nigerians; and closer partnerships with state governments, academia, and the private sector. And there is no better place to launch this than in Enugu — a state that is not only dreaming of the future, but building it.
“I want to commend Governor Peter Mbah for proving what determined, technology-focused governance can achieve in such a short time. We are not just here to witness Enugu’s transformation. We are here to amplify it,” he said.
Tijani enjoined the young people of the South East region to grab the opportunities presented by the new office.
“To our young innovators, developers, and entrepreneurs – you now have a home in NITDA. Use it. Grow through it; and let it become the platform from which your ideas reach the world.
“Together, we will ensure that the story of Nigeria’s digital economy is not written from one place — it will be co-authored in every corner of this nation, and Enugu is leading the way,” he added.
The commissioning was also witnessed by the Minister of Youth Development, Ayodele Olawande, among other dignitaries.
GRTech
Identity Management Day: Sophos Warns Against Data Breaches Linked to Identity Theft
REPORTER: Sandra Ani


79% of data breaches are linked to identity theft and cost businesses an average of $4.5 million, according to reports from the Identity Defined Security Alliance (IDSA) and the Ponemon Institute.
Additionally, the 2025 edition of the Sophos Active Adversary Report reveals that the average time between the start of an attack and data exfiltration is only 72.98 hours (3.04 days), while the average time between exfiltration and attack detection is just 2.7 hours.
Cyberattacks are becoming increasingly fast, and the longer a compromised identity remains active, the greater the potential damage.
In light of this, Sophos, one of the world’s leading providers of innovative security solutions designed to neutralize cyberattacks, is taking advantage of Identity Management Day, which takes place on Tuesday, April 8, 2025, to remind businesses of the best practices they should follow to manage and secure digital identities.
Cybercriminals can use a compromised identity to access confidential information, steal data, move laterally within the organization, and launch further attacks.
It is therefore crucial to take immediate action to contain breaches and minimize their consequences.
In this context, automation plays a key role by enabling organizations to respond quickly and effectively to identity-related threats.
Five Automated Measures to Protect Against Identity Theft
1. Disable the User
When an identity breach is detected, one of the first steps is to disable the compromised user account. By preventing the attacker from using the stolen identity to access company systems and data, this measure outpaces the hacker and helps contain the breach.
Automation significantly speeds up this process. With automated response tools, businesses can quickly identify compromised accounts and disable them in real-time. This reduces the attack window and minimizes potential damage.
2. Force Password Reset
Passwords are often the first line of defense against unauthorized access attempts. In the event of an identity breach, it is essential to immediately force a password reset for the compromised account to prevent hackers from using stolen credentials.
Automated rules can be set up to trigger an instant password reset as soon as a breach is detected. This saves time and ensures that the reset process is initiated without delay, reducing the risk of further unauthorized access attempts.
3. Force Multi-Factor Authentication (MFA) Reset
Multi-factor authentication (MFA) adds an extra layer of security by requiring users to enter a verification code in addition to their password. If an identity breach occurs, it is crucial to reset MFA for the compromised account. This means that the user will have to re-authenticate using their MFA tool, which automatically invalidates any stolen authentication tokens the attacker may have acquired.
Automated rules can trigger the refresh of MFA tokens, ensuring that compromised accounts are quickly reauthenticated. This prevents cybercriminals from using stolen authentication tokens to access company systems.
4. Lock the Account
Locking a compromised account prevents hackers from attempting to use it until the issue is resolved. This also gives the organization time to investigate the breach and apply the necessary corrective measures.
Automation streamlines the account locking process, allowing businesses to lock compromised accounts as soon as a breach is detected. This immediate response helps contain the breach and blocks further unauthorized access attempts.
5. Revoke Active Sessions
In addition to disabling the user account and forcing a password reset, it is essential to revoke all active sessions associated with the compromised identity. This ensures that the attacker is immediately logged out of all systems they accessed using stolen credentials.
Automated actions can be configured to revoke active sessions in real-time, instantly disrupting any unauthorized access. This is a critical measure to neutralize the breach and prevent further malicious activity.
For more information, please visit: https://www.secureworks.com/blog/5-critical-response-actions-for-an-identity-breach