What happened
Spain arrests 34 suspects linked to Black Axe cyber crime after a coordinated law enforcement operation on January 10, 2026, that targeted individuals allegedly part of a criminal network affiliated with the Black Axe syndicate. Spanish authorities, with support from the Bavarian State Criminal Police Office and Europol, conducted raids in Seville, Madrid, Malaga, and Barcelona, seizing cash, electronic devices, vehicles, and freezing financial accounts. The suspects are accused of engaging in man-in-the-middle (MITM) fraud schemes, including business email compromise (BEC) to intercept and alter legitimate corporate communications and divert payments. Investigators estimate the group caused more than $6 million in damages over 15 years, of which $3.5 million is linked to this operation. Four individuals were placed in pretrial detention and face charges ranging from aggravated continuous fraud and membership in a criminal organization to money laundering and document forgery. Black Axe, founded in Nigeria, is known for its extensive global criminal activities including cybercrime.Â
Who is affected
Corporate entities and financial institutions are indirectly affected by BEC and MITM scams perpetrated by alleged members of Black Axe, with financial losses tied to fraudulent transaction diversion and ongoing investigations.Â
Why CISOs should care
This operation underscores the persistent threat of sophisticated fraud rings leveraging email compromise and MITM techniques to defraud organizations financially and highlights the importance of robust email security and transaction verification controls.Â
3 practical actions
- Strengthen email defenses: Deploy advanced email filtering and authentication (DMARC/DKIM/SPF) to reduce BEC risk.
- Enhance transaction validation: Establish multi-factor transaction approvals to detect altered details.
- Increase fraud awareness: Train staff on identifying social engineering and MITM scams.