< ciso
brief />
Tag Banner

All news with #cybercriminal tag

118 articles

Spanish police dismantle €140M cyber fraud ring

🔍 Spanish police dismantled an industrial-scale cybercrime and money-laundering operation that stole €140 million via investment fraud and business email compromise. Four suspects were arrested across Spain, Portugal, and Panama after raids on multiple premises and an international operation with Interpol and Europol. Authorities seized digital devices, froze €3 million in proceeds, and identified hundreds of mule accounts used to launder funds.
read more →

Prisoner accused of stealing seized cryptocurrency

💼 A Bulgarian national, Rossen G. Iossifov, has been charged with removing $290,000 in government-seized cryptocurrency while serving a 121-month prison sentence for his role in laundering millions from U.S. fraud victims. He appeared in federal court in the Eastern District of Kentucky on counts of removal of property to prevent seizure and conspiracy to commit money laundering. Prosecutors allege he conspired in January 2024 to move funds through exchanges and mixers to evade seizure, and he faces up to 25 years if convicted.
read more →

Global Operation First Light 2026 Targets Cybercrime

🛡️ A global anti-fraud operation, Operation First Light 2026, ran from January 15 to April 30, 2026, coordinated by Interpol with support from regional partners and funding from China’s Ministry of Public Security. The crackdown targeted social engineering scams such as romance fraud and BEC, leading to over 5,800 arrests, identification of 15,606 suspects and interception of $293m in illicit assets. Actions included raids, freezing 31,014 bank accounts, seizing devices and using Interpol’s I-GRIP stop-payment mechanism.
read more →

Alleged Scattered Spider member extradited to U.S.

🔎 A 19-year-old dual US-Estonian citizen, Peter Stokes, was extradited from Finland to the United States to face charges alleging membership in the Scattered Spider hacking collective. He is accused of participating in multiple intrusions and extortion schemes, including a March 2023 breach and a May 2025 attack on a multibillion-dollar retailer that led to over $2 million in losses. Stokes faces charges of fraud, conspiracy, and computer intrusion and has appeared in federal court in Chicago.
read more →

Teen Allegedly Linked to Scattered Spider Extradited

📰 The US Justice Department announced the arrest and extradition of 19-year-old dual US-Estonian citizen Peter Stokes from Finland in April, with charges unsealed on June 30. He faces conspiracy, computer intrusion and fraud counts tied to alleged membership in the Scattered Spider hacking group. Authorities say the group conducted over 100 intrusions, netting $100m+ in ransoms and causing millions in damages. Stokes is accused of targeting a luxury jeweller and attempting an $8m extortion that resulted in $2m+ losses for the firm.
read more →

Cyber Risks and Privacy Threats Around World Cup 2026

🛡️ The 2026 FIFA World Cup presents an unprecedented cyberattack surface across three host countries, with illegal streaming and black-market gambling exposing viewers to significant risks. UpGuard researchers found publicly exposed log systems containing plain-text credentials, IP addresses, and betting details tied to pirate streams and offshore bookmakers. Law enforcement and international operations are disrupting many servers, but resilient criminal networks continue to adapt and monetize audiences via unregulated gambling.
read more →

Poland Busts SIM-Swapping Gang Linked to Crypto Theft

🔎 Polish authorities arrested four suspects accused of orchestrating SIM-swapping attacks after breaching telecommunications partners and hijacking email accounts. The operation, led by the Polish Cybercrime Bureau (CBZC) with assistance from the FBI and HSI, uncovered sophisticated intrusions used to intercept SMS and email communications and seize crypto exchange accounts. Investigators estimate the group laundered millions via distributed financial networks and multiple bank accounts. The suspects face charges including organized crime, hacking, and money laundering, with potential sentences up to 25 years.
read more →

DraftKings hacker 'Snoopy' sentenced to 18 months

🔒 A 21-year-old known as "Snoopy" was sentenced to 18 months in prison after pleading guilty to conspiracy to commit computer intrusion for his role in the November 2022 DraftKings account takeover. The attacker and co-conspirators compromised roughly 60,000 user accounts, added payment methods to 1,600 accounts, and stole $600,000. Authorities linked the scheme to online marketplaces and seller shops that trafficked access to stolen accounts.
read more →

DOJ Seizes Cloud Account Linked to HuiOne Group

📰 The U.S. Department of Justice announced the seizure of a cloud computing account used by subsidiaries of Cambodia-based HuiOne Group, as the Treasury sanctioned individuals and entities tied to Prince Group. The account hosted backend infrastructure for illicit marketplaces, including HuiOne Guarantee, which facilitated large-scale crypto fraud, money laundering services, and the sale of crimeware and exploitative tools. Authorities say these platforms enabled conversion of stolen cryptocurrency into the legitimate banking sector and supported human trafficking and violent control measures at scam compounds.
read more →

New York man charged with AI-enabled cyberstalking

📢 A New York man was indicted on cyberstalking charges after allegedly creating multiple fake social media and email accounts to harass a former college classmate. The defendant is accused of distributing AI-generated nude images and fabricated racist messages across platforms including Instagram, LinkedIn, Reddit, X, Strava, and Yahoo between January and March 2025. Authorities say he used spoofed accounts to send images to the victim’s family and continued the campaign after the victim transferred to a Georgia college. Federal prosecutors emphasize that sharing intimate images without consent is a prosecutable offense and urge victims to report such abuse.
read more →

International takedown of AudiA6 crypto laundering service

🔎 An international law enforcement operation dismantled the AudiA6 cryptocurrency laundering service, suspected of moving more than €336m for ransomware gangs and other cybercriminals between 2022 and 2025. The probe identified an industrial-scale laundering scheme that used thousands of stolen identities and money mules to obfuscate funds. Arrests, domain seizures and frozen crypto followed coordinated actions across Europe, the US and Georgia.
read more →

Interpol operation dismantles long‑running PhaaS platform

🛡️ An Interpol-led operation, Operation Ramz, targeted cybercrime across 13 MENA countries from October 2025 to February 2026, yielding 201 arrests and the seizure of 53 servers. Group-IB disclosed that the crackdown resulted in the takedown of the SniperDz phishing-as-a-service platform and the arrest of its primary developer in Algeria. SniperDz operated since at least 2015, offering phishing kits and hosting, and was linked to tens of thousands of fake domains and hundreds of thousands of phishing pages. Investigators attributed the platform through OpSec failures, social media traces and shared intelligence that enabled law enforcement disruption.
read more →

Vendor Sentenced for Selling Drugs on Nemesis Market

🔍 A California man received a 26-year federal prison sentence after trafficking fentanyl and methamphetamine through Nemesis Market. Darren Hughes, 39, was convicted in November 2025 and sentenced on May 26 for operating a dark web store that offered free samples and sold drugs to undercover agents for cryptocurrency. Authorities arrested Hughes on June 28, 2023, seizing 672 grams of methamphetamine and a loaded ghost gun during his arrest. The case was part of a broader international investigation that took down Nemesis Market in March 2024.
read more →

Police dismantle fake ID marketplace aiding smugglers

🔍 French and Spanish authorities dismantled an online marketplace selling counterfeit identity documents used by migrant smuggling rings across the EU. On May 27, police arrested a suspect in Alicante and seized document-production equipment and about 800 fake European IDs from an apartment rented under a false name. Europol said the platform provided forged physical and digital documents to facilitate border evasion, fraudulent residence claims, and secondary movements within the Schengen Area.
read more →

AI-Driven Cybercrime Tools Surge Over 3800%

🔍 Halcyon research reveals a dramatic rise in AI-powered cybercrime tooling across underground markets, jumping from 38 mentions in December to 1,486 in February. Cynthia Kaiser, SVP of Halcyon’s Ransomware Research Center, detailed four product categories: weaponized LLMs, AI-enabled identity fraud, AI-augmented malware/infrastructure, and jailbroken or stolen AI services. She warned that automated distribution, freemium models and redundant channels have lowered the financial barrier to entry and increased resilience against takedown efforts.
read more →

DDoS-as-a-Service: Evolution of a Paid Market

🔍 DDoS attacks are increasingly packaged and sold as polished online services, lowering barriers for would-be attackers and reshaping the underground market. Flare researchers compared DDoS-related underground activity from early 2023 and early 2026, finding a marked rise in service ads, actors, and professionalized offerings. Ads now emphasize panels, APIs, botnet backing, pricing tiers, and reseller programs, while public mitigations report multi-terabit attacks. The market’s shift toward productized services means defenders must assume easier access to disruptive capabilities.
read more →

Canadian Arrest Tied to Kimwolf DDoS Botnet

🛡️ The U.S. Department of Justice announced the arrest of 23-year-old Canadian Jacob Butler (aka Dort) for allegedly operating the Kimwolf DDoS botnet, a variant of AISURU. The botnet enslaved devices like digital photo frames and webcams and was offered via a cybercrime-as-a-service model to launch global attacks, including against DoD network addresses. Authorities linked Butler through IP, account data, and Discord messages, and charged him with aiding and abetting computer intrusion.
read more →

Ukrainian Police ID Infostealer Operator Behind Massive Theft

🔍 Ukrainian cyberpolice, working with U.S. law enforcement, say they identified an 18-year-old from Odesa suspected of running an infostealer operation that infected customers of a California online store between 2024 and 2025. The malware harvested browser sessions, credentials, and payment information, compromising 28,000 accounts. Attackers used 5,800 accounts to make unauthorized purchases totaling about $721,000, and authorities executed searches seizing phones, computers, storage media, bank cards, and cryptocurrency-related evidence while the investigation continues.
read more →

Police Shut Relaunched Crimenetwork Dark Web Market

🔒 Spanish and German authorities have shut down a relaunch of Crimenetwork, arresting a 35-year-old German national in Mallorca after coordination with the Frankfurt prosecutors and the BKA. The rebuilt marketplace attracted over 22,000 users and 100+ vendors, trading stolen data, narcotics and forged documents while generating more than €3.6m in revenue. Police seized €194,000 and user transaction data to support further investigations.
read more →

Crypto gang member gets 78 months for $230M heist probe

🔒 A 20-year-old California man, Marlon Ferro (aka GothFerrari), was sentenced to 78 months in prison after pleading guilty to serving as a home invader and money launderer for a criminal ring that stole over $250 million in cryptocurrency. Arrested on May 13, 2025, Ferro was found carrying two firearms and a fraudulent ID and was ordered to pay $2.5 million in restitution and serve three years of supervised release. Authorities say the conspiracy combined social engineering, hacking attempts, and physical burglaries to seize hardware wallets and launder funds through exchanges and mixers.
read more →