Black Axe
Black Axe is a highly structured, hierarchical transnational criminal organization originating in Nigeria and formally linked in the reporting to the Neo-Black Movement of Africa. The group has a global presence in dozens of countries and is described as operating through zones in Nigeria and abroad, with reporting estimating roughly 30,000 registered members plus affiliated facilitators such as money mules. Black Axe is characterized in the source material as a criminal network rather than a nation-state actor. The reporting directly links Black Axe to cyber-enabled fraud, including romance scams, phishing, adversary-in-the-middle/man-in-the-middle fraud, and business email compromise (BEC). In Spain, authorities said Black Axe-linked networks recruited vulnerable money mules, often in high-unemployment areas, to receive, transfer, and withdraw fraud proceeds, and also used shell companies and frontmen to launder funds and support related fraud. Swiss authorities reported arrests tied to romance scams, other cyber fraud offenses, and money laundering, including the alleged Regional Head for Southern Europe. Beyond cyber-enabled fraud, the content states Black Axe is also involved in drug trafficking, human trafficking and prostitution, kidnapping, armed robbery, vehicle-related fraud/trafficking, and fraudulent spiritual practices. Europol reporting cited in the content describes strict internal codes of conduct, violent and ritualistic initiations, and spiritual practices. Known alias in the provided content: black_axe.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Financial Services
Where they target
Geographies tied to known operations.
- 🇨🇭 Switzerland
- 🇪🇸 Spain
Where they're from
Attributed origin per open-source reporting.
- NG
Recent activity
16 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
International criminal organisation involved in cyber-enabled fraud including romance scams, money laundering, and other criminal activities such as drug trafficking, human trafficking, kidnapping, armed robbery, and fraudulent spiritual practices.
A highly structured transnational criminal network involved in cyber-enabled fraud, including romance scams and other cyber fraud offences, as well as money laundering and a broader portfolio of organized criminal activity.
Referenced as a criminal organization whose linked suspects were apprehended in separate Spanish operations; no specific TTPs described in this content.
Criminal network associated with cyber fraud; referenced as a connection to a broader crime ring.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.