iProov uncovers global cybercriminal operation ‘Grey Nickel’

Biometric identity company iProov says it has uncovered live operations of a cybercrime operation that has infiltrated financial institutions worldwide.

Codenamed “Grey Nickel,” iProov claims the threat actor targets banking, crypto exchanges, e-wallets and digital payment platforms in Asia-Pacific, EMEA and North America.

iProov’s Security Operations Center (iSOC) observed live operations of Grey Nickel and during investigation the iSOC team documented an “unprecedented escalation” in attacks designed to bypass Know Your Customer (KYC) processes across the financial services sector.

“These criminal groups understand that banking, crypto exchanges, e-wallets, and digital payment platforms represent some of the highest-value targets for identity fraud,” said Dr. Andrew Newell, chief scientific officer, iProov.

“It is important to understand that these aren’t opportunistic attacks; they represent highly coordinated, specialized operations that pose an existential threat to the digital transformation of banking.”

The science-based biometric identity verification company found several distinct criminal operations. iProov found a group codenamed Grey Nickel has been systematically targeting organizations in the Asia-Pacific region, with recent expansions into North America and EMEA.

Grey Nickel employs advanced face-swap technology, metadata manipulation and injection techniques aimed at bypassing single-frame liveness-based verification systems used by banks and payment platforms.

Another thread is “Advanced Virtual Camera Networks,” with separate criminal groups developing and distributing specialized mobile applications that enable KYC bypass on both Android and iOS devices. These mobile apps then inject pre-recorded or manipulated video feeds during identity verification, with some variants now incorporating lip-syncing capabilities to defeat voice-based challenges.

Other criminal actors have established “Deepfake-as-a-Service Operations.” These offer custom deepfake creation and “comprehensive KYC bypass packages,” which are designed specifically to target cryptocurrency exchanges and payment platforms, according to the London, UK-based company. These operations combine stolen identity databases with AI-generated media to create synthetic identities that enable large-scale identity fraud.

The rise of generative AI means criminal forums now actively share techniques using commercially available AI platforms to generate deepfake videos with the aim of bypassing financial institutions that use weaker liveness detection technologies.

A United Nations report found crime syndicates have created a billion-dollar cyber fraud industry that has resulted in a more-than 600 percent increase in mentions of deepfake-related content in monitoring of online platforms in the first half of 2024. The United Nations Office on Drugs and Crime estimates financial losses between $18 billion and $37 billion from scams targeting victims in East and Southeast Asia in 2023 alone.

iProov points to a widespread lack of comprehensive data provided by the financial services sector on cybercrime. In the absence of consistent, mandatory incident reporting, regulators cannot take effective regulatory action since the scale of illicit activities is not fully known, the company argues.

Article Topics

biometric authentication  |  biometrics  |  cybersecurity  |  financial crime  |  fraud prevention  |  Grey Nickel  |  KYC  |  synthetic identity fraud