Indian authorities have arrested two Nigerian nationals, Modebe Joseph and Sunday Okonkwo, for allegedly being members of an international cybercrime syndicate linked to the hacking of cooperative banks .
The cybercrime unit of Gautam Buddh Nagar Police Commissionerate arrested the duo in Noida, Uttar Pradesh, over their suspected connection with a cyber threat actor group known as “Solar Spider” .
According to the Times of India, Joseph, 42, and Okonkwo, 35, worked for the gang targeting financial institutions with weak cybersecurity systems . The arrests were executed in a joint operation by the Cyber Crime Police Station, Knowledge Park Police Station, and the cyber commando unit of the Meerut Zone .
Investigators said the group intended to exploit digital vulnerabilities to transfer between Rs 60 crore and Rs 80 crore (approximately N12-16 billion) into mule accounts and then move the money abroad through cryptocurrency channels .
Deputy Commissioner of Police Shavya Goyal said the suspects were part of a wider international cyber network with links to criminal groups operating in Nigeria and South Africa .
“During the weekend of March 7–8, the suspects managed to siphon off around ₹7 crore (approximately N1bn) from the bank. Investigators believe the transaction was deliberately executed over the weekend when the bank was closed, reducing the chances of immediate detection,” Goyal said .
Police said the prompt response led to the freezing of the transferred funds and prevented further losses .
Police disclosed that Solar Spider has previously been linked to cyberattacks on financial institutions in several countries . Investigators believe the network uses sophisticated phishing techniques to gain access to banking systems.
In such attacks, employees receive emails disguised as legitimate alerts such as SWIFT payment notifications or MoneyGram templates. The messages carry attachments that appear to be harmless ZIP or PDF files, but actually contain hidden JavaScript code. When opened, the code installs a remote-control malware called JSOutProx, allowing hackers to access the infected computer .
The malware then connects to platforms enabling downloading of additional tools, helping the attackers bypass security filters. Once inside the network, the hackers manipulate high-value transfers, including NEFT or RTGS payments, redirecting the money into accounts controlled by the gang .
Police said another member linked to the same network was arrested in Noida in 2025 . Preliminary findings also suggest international links to cybercrime groups operating from Nigeria and South Africa .
The arrests add to a growing list of Nigerians arrested abroad for cyber-related crimes in recent months.
