The gang operated in Italy, Spain, Poland, the U.K., Belgium and Georgia, according to Eurojust and Europol, the two agencies that coordinated and provided support to the police operation on the ground.
The gang's members, who were mainly from Nigeria, Cameroon and Spain, used malware and social engineering to compromise the computers of various large European companies. They then gained access to corporate email accounts and monitored them for payment-related communications from customers.
Whenever such requests were detected, they used the email accounts to instruct customers to send their payments to bank accounts under their control.
The stolen funds were immediately cashed out from the rogue bank accounts and transferred out of the European Union through a sophisticated network of money laundering transactions, Europol said.
The agency refers to the attack as a "man in the middle" one, although that's not technically accurate since the attackers had control over one end of the communications -- the email accounts. The attack also does not appear to have involved the interception of Internet traffic at the network layer while en route to its final destination, which is the most common use for the man-in-the-middle term.
In addition to the arrests Tuesday, law enforcement authorities in several countries searched 58 properties, seizing laptops, hard disk drives, phones, tablets, credit cards and cash, SIM cards, memory sticks, forged documents and bank account documents.