< ciso brief />

All news with #cybercriminal tag

93 articles

Grinex Exchange Suspends Operations After $13.7M Hack

🚨 Kyrgyzstan-based cryptocurrency exchange Grinex has suspended operations after reporting a $13.7 million theft from wallets used by Russian customers. The platform, believed to be a rebrand of Garantex, enables ruble-crypto flows and used the ruble-backed stablecoin A7A5. Grinex alleges the attack shows signs of involvement by 'foreign intelligence agencies', while blockchain analysts traced funds to TRON and Ethereum addresses and conversion via SunSwap; independent reports have not publicly confirmed the exchange's attribution.

How Cybercriminals Are Thinking About AI Use and Tools

🧠 A new paper, What hackers talk about when they talk about AI, analyzes more than 160 cybercrime forum conversations collected over seven months to show how offenders perceive and experiment with AI. The study finds growing curiosity about using both legitimate AI services and bespoke illicit models, alongside clear doubts about reliability, cost, and operational security. Authors use a diffusion-of-innovation framework to trace early-stage adoption and offer practical guidance for law enforcement and policymakers.

The Industrialization of Cybercrime and Its Costs Worldwide

🔒 In the latest episode of Brass Tacks: Talking Cybersecurity, Joe Robertson interviews Jürgen Stock, former INTERPOL secretary general, about how cybercrime has matured into a scalable, low‑risk, high‑profit industry. They outline an underground economy of specialized services—malware creation, access brokerage, extortion, laundering—often sold with support and guarantees. Stock warns that individuals, businesses, and critical infrastructure are all at risk, and that disciplined cyber hygiene, preparedness, and public–private cooperation remain the most effective defenses.

U.S. Cyber Strategy Signals Possible Private Hackback

🛡️ The 2026 U.S. Cyber Strategy for America largely reiterates longstanding White House cyber priorities but adopts a noticeably more aggressive tone. One sentence — “We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.” — reads like an explicit invitation for corporate hackback. The author argues this is a dangerous and ill-considered idea because it risks misattribution, vigilantism, extrajudicial punishment, and escalation rather than strengthening security.

STARDUST CHOLLIMA Likely Compromises Axios npm Package

🔒 On March 31, 2026, threat actors used stolen maintainer credentials to compromise the widely used Axios npm package and distribute platform-specific variants of the ZshBucket implant. Observed samples target Linux, macOS and Windows and retain prior profiling and exfiltration behavior while adding a common JSON messaging protocol. The updated implants support binary injection, arbitrary script execution, file system enumeration and remote termination. CrowdStrike attributes the activity to STARDUST CHOLLIMA with moderate confidence based on ZshBucket linkage and infrastructure overlaps.

Hacker Charged After $53M Theft From Uranium Exchange

🔒 U.S. prosecutors have charged 36-year-old Jonathan Spalletta, known online as 'Cthulhon' and 'Jspalletta', with stealing more than $53 million after hacking the Uranium Finance crypto exchange twice and laundering proceeds through a cryptocurrency mixer. The indictment alleges he abused multiple smart contract coding flaws in April 2021 to drain liquidity pools and extorted a sham bug bounty. A 2025 search recovered high-value collectibles and about $31 million in cryptocurrency; Spalletta faces computer fraud and money laundering counts that carry substantial prison terms.

UK Sanctions Chinese Crypto Marketplace Xinbi over Scam Hubs

🚨 The UK has imposed sanctions on the China-based cryptocurrency marketplace Xinbi, accusing it of enabling large-scale scam operations across Southeast Asia and facilitating crypto laundering. Authorities say Xinbi, which reportedly handled over $19.7 billion of inflows, sold victim data and traded satellite internet equipment used to contact targets. The action targets Xinbi and related firms and individuals linked to the Prince Group and #8 Park, and includes plans to freeze London properties.

Russia Arrests Suspected Owner of LeakBase Forum in Rostov

🔒 Russian police in the Rostov region arrested a Taganrog resident accused of owning and administering the cybercrime forum LeakBase. The forum, launched in 2021 and linked to the ARES threat group, grew to over 142,000 members and was used to trade stolen databases, exploits, and illicit services. In March 2026 authorities from the FBI and 14 other countries dismantled the site during Operation Leak, seizing the domain and preserving the forum database and logs as evidence.

Suspected RedLine Infostealer Administrator Extradited

🔒 Hambardzum Minasyan, an Armenian national, was extradited to the United States and charged with helping administer the RedLine infostealer operation. U.S. prosecutors allege he registered virtual private servers, domains, a cryptocurrency account used for affiliate payments, and file-sharing repositories that distributed the malware. He is accused of managing command-and-control infrastructure, assisting affiliates, and conspiring to launder proceeds, and faces multiple federal counts with a potential prison term if convicted.

LeakBase Forum Admin Arrested in Russia Over Data Trade

🔒 Russian authorities have arrested the alleged administrator of LeakBase, a major cybercrime forum accused of trading stolen personal databases since 2021. The suspect, reported to be a resident of Taganrog, was detained and technical equipment seized during a search. Officials say the platform hosted hundreds of millions of accounts, bank details and corporate documents and had over 147,000 registered users. The site was dismantled earlier this month and its content preserved for evidentiary purposes.

Operation Alice: Over 373,000 Dark Web Sites Dismantled

🛡️ A Europol-backed, German-led operation has dismantled over 373,000 .onion sites tied to a fraudulent platform called Alice with Violence CP that advertised child sexual abuse material (CSAM) and cybercrime-as-a-service. The multi-year investigation, concentrated between 9–19 March, turned thousands of decoy domains into a honeypot that helped identify 440 customers. Authorities have issued an international arrest warrant for an alleged Chinese operator and continue probes into more than 100 suspects.

Operation Alice: 373,000 Fake CSAM Sites Taken Down

🚨 An international law enforcement operation, Operation Alice, has shut down more than 373,000 dark‑web sites that advertised fake child sexual abuse material (CSAM) and other cybercrime services. The Germany‑led probe, supported by Europol, focused on a platform called "Alice with Violence CP" run by a 35‑year‑old suspect in China; investigators say roughly 10,000 users paid between EUR 17 and EUR 250 in Bitcoin, generating about $400,000. Authorities seized 287 servers — 105 in Germany — and have issued an international arrest warrant; 440 purchasers in 23 countries have been identified and 100 are under investigation. Prosecutors note that attempting to buy CSAM is criminal in many jurisdictions even when no material is delivered.

NCA Chief Warns Teens Are Being Radicalized into Cybercrime

🚨 The head of the UK's National Crime Agency, Graeme Biggar, warned at the launch of the NCA's National Strategic Assessment that online platforms and algorithms are 'radicalizing' teenagers into cybercrime, alongside other harms. He said technology is reshaping crime and that tech companies must take responsibility. Biggar highlighted rising UK-based attackers, surges in online fraud and sextortion, and the creation of the Online Crime Centre to speed data sharing across government and industry.

Telegram Crackdown 2026: Why Cybercriminals Adapt and Persist

🔎 In early 2026 Telegram intensified enforcement after the late‑2024 arrest of CEO Pavel Durov and a year of stricter moderation in 2025. Millions of channels were taken down, bans and automation grew, and platform transparency reached new highs. Despite these measures, cybercriminal ecosystems on Telegram have not shrunk; they have rapidly adapted through fragmentation, private groups, automated tooling and alternative hosting. Check Point's Exposure Management intelligence highlights these shifts and explains why takedowns have reduced visibility but not eliminated illicit activity.

Interpol-led Operation Synergia III Nets 94 Arrests Worldwide

🔍 Interpol coordinated Operation Synergia III from 18 July 2025 to 31 January 2026, involving law enforcement units in 72 countries and private partners. The action produced 94 arrests, the seizure of 212 electronic devices and servers, and the takedown of some 45,000 malicious IP addresses, while 110 individuals remain under investigation. The operation targeted phishing, ransomware, romance scams and credit card fraud and disrupted infrastructure used to impersonate banks, government sites and payment services. Private-sector partners including Group-IB, Trend Micro and S2W supplied intelligence that helped identify hosting and malware distribution points.

Ghanaian Pleads Guilty in $100M Romance and BEC Fraud

🔒 Derrick Van Yeboah, a 40-year-old Ghanaian national, pleaded guilty to conspiracy to commit wire fraud for his role in a transnational fraud ring that prosecutors say stole more than $100 million through romance scams and business email compromise attacks. Extradited to the U.S. in August 2025, he agreed to pay over $10 million in restitution and faces up to 20 years in prison. Prosecutors say he personally carried out many romance scams that targeted vulnerable Americans and worked with U.S. and West African accomplices to launder proceeds.

Middle-Aged Professionals Now Dominate Cybercrime Roles

🔍 New analysis from Orange Cyberdefense of 418 law‑enforcement actions between 2021 and mid‑2025 shows profit-driven, midcareer criminals — especially those aged 35–44 — constitute the largest share of cyber offenders. Teenagers and young adults remain present (12–17: 5%; 18–24: 21%), but activity shifts toward organised extortion, malware and money laundering with age. Experts say modern operations resemble illicit tech firms that require project management, recruitment and financial expertise.

International Takedown of LeakBase Cybercrime Marketplace

🔒 Law enforcement across 14 countries seized the LeakBase cyberforum, taking its database and two domains and targeting roughly 142,000 users. Authorities executed around 100 coordinated actions beginning March 3, including arrests, search warrants, and interviews in multiple jurisdictions. The captured data reportedly contained credential pairs, payment card details, bank account information, and other sensitive personally identifiable and business data. Investigators say the technical seizure unmasked users who believed they were operating anonymously and that authorities delivered prevention messages while continuing to trace digital trails.

FBI Arrests Suspect in $46M U.S. Marshals Crypto Theft

🔒 John Daghita, a U.S. government contractor and son of CMDSS's CEO, was arrested on Saint Martin after a joint operation by the FBI and France's elite Gendarmerie unit. He is accused of stealing more than $46 million in cryptocurrency seized and managed by the U.S. Marshals Service, including funds tied to the 2016 Bitfinex hack. Authorities seized cash, hard drives, and security keys, and investigators say public blockchain analysis played a key role in identifying him.

Police Dismantle Gambling Ring Exploiting Ukrainian Women

🚨 Spanish and Ukrainian authorities dismantled a criminal network that exploited war-displaced Ukrainian women to run an automated online gambling and money-laundering scheme. The group financed victims' travel to Spain, coerced them into opening bank accounts and credit cards, then seized control to feed bot-driven low-odds bets. Investigators say the operation used identities from over 5,000 people across 17 nationalities and laundered an estimated €4.75 million. Authorities arrested 12 suspects, executed searches in Spain and Ukraine, and seized devices, bots, SIMs, vehicles and frozen properties.