Noida Police Bust International Cybercrime Module, Arrest Two Nigerian Nationals
In a significant crackdown on digital financial fraud, the Noida Police have apprehended two foreign nationals allegedly connected to the notorious international cybercrime syndicate known as Solar Spider. The arrests were made during a coordinated joint operation involving teams from the Cyber Crime Police Station, Knowledge Park Police Station, and the Cyber Commandos of the Meerut Zone on Thursday.
Details of the Arrest and Accused
The detained individuals have been identified as Modebe Joseph, aged 42, and Sunday Okonkwo, aged 35, both citizens of Nigeria. They were taken into custody from the Knowledge Park area in Noida. According to Deputy Commissioner of Police (Cyber) Shavya Goyal, the suspects were active members of a specialized module that deliberately targeted smaller cooperative banks across India. These institutions were chosen due to their relatively weaker cybersecurity infrastructure, making them vulnerable to sophisticated digital attacks.
Scale and Methodology of the Alleged Fraud
Investigators revealed that the group had orchestrated a plan to illicitly transfer between ₹60 crore and ₹80 crore from these banks. The stolen funds were intended to be funneled into mule accounts before being moved overseas through cryptocurrency channels, effectively laundering the money and evading traditional financial tracking systems.
During interrogation, it was discovered that the module had already successfully executed a heist, siphoning off ₹7 crore from a cooperative bank in Gujarat. This theft occurred between March 7 and 8. Officials noted that the transactions were strategically timed over a weekend when banking operations are typically closed and monitoring systems are less vigilant. This delay allowed the hackers to complete the transfers before the security breach could be detected.
Swift Response and Damage Control
Once the fraud was uncovered, investigators immediately alerted the Indian Cyber Crime Coordination Centre (I4C) and relevant banking institutions. This prompt action led to the freezing of the transferred funds, thereby preventing further financial losses and mitigating the impact on the affected bank.
Solar Spider's Sophisticated Attack Vector
Police emphasized that Solar Spider has a documented history of targeting financial institutions globally. The network employs an advanced phishing technique to infiltrate banking systems. In these attacks, employees receive deceptive emails that are cleverly disguised as legitimate alerts, such as SWIFT payment notifications or MoneyGram templates.
These messages contain attachments that appear to be harmless ZIP or PDF files but actually harbor hidden JavaScript code. When opened, this code installs a remote-control malware known as JSOutProx. This malware grants hackers unauthorized access to the infected computer, enabling them to download additional tools and bypass security filters. Once inside the network, the attackers manipulate high-value transactions, including NEFT or RTGS payments, redirecting the money into accounts controlled by the criminal gang.
Broader Connections and Previous Arrests
This is not the first time Noida has encountered operatives linked to Solar Spider. Police disclosed that another individual associated with the same network was arrested in Noida in 2025. Preliminary investigations also suggest that the module has international ties to cybercrime groups operating from Nigeria and South Africa, indicating a well-organized transnational operation.
The arrests underscore the growing threat of cybercrime targeting India's financial sector and highlight the critical need for enhanced cybersecurity measures, especially among smaller banking institutions. The Noida Police's operation marks a crucial step in dismantling such networks and safeguarding digital financial infrastructure.
