<ciso brief />

All news with #cybercriminal tag

103 articles

DDoS-as-a-Service: Evolution of a Paid Market

🔍 DDoS attacks are increasingly packaged and sold as polished online services, lowering barriers for would-be attackers and reshaping the underground market. Flare researchers compared DDoS-related underground activity from early 2023 and early 2026, finding a marked rise in service ads, actors, and professionalized offerings. Ads now emphasize panels, APIs, botnet backing, pricing tiers, and reseller programs, while public mitigations report multi-terabit attacks. The market’s shift toward productized services means defenders must assume easier access to disruptive capabilities.

Canadian Arrest Tied to Kimwolf DDoS Botnet

🛡️ The U.S. Department of Justice announced the arrest of 23-year-old Canadian Jacob Butler (aka Dort) for allegedly operating the Kimwolf DDoS botnet, a variant of AISURU. The botnet enslaved devices like digital photo frames and webcams and was offered via a cybercrime-as-a-service model to launch global attacks, including against DoD network addresses. Authorities linked Butler through IP, account data, and Discord messages, and charged him with aiding and abetting computer intrusion.

Ukrainian Police ID Infostealer Operator Behind Massive Theft

🔍 Ukrainian cyberpolice, working with U.S. law enforcement, say they identified an 18-year-old from Odesa suspected of running an infostealer operation that infected customers of a California online store between 2024 and 2025. The malware harvested browser sessions, credentials, and payment information, compromising 28,000 accounts. Attackers used 5,800 accounts to make unauthorized purchases totaling about $721,000, and authorities executed searches seizing phones, computers, storage media, bank cards, and cryptocurrency-related evidence while the investigation continues.

Police Shut Relaunched Crimenetwork Dark Web Market

🔒 Spanish and German authorities have shut down a relaunch of Crimenetwork, arresting a 35-year-old German national in Mallorca after coordination with the Frankfurt prosecutors and the BKA. The rebuilt marketplace attracted over 22,000 users and 100+ vendors, trading stolen data, narcotics and forged documents while generating more than €3.6m in revenue. Police seized €194,000 and user transaction data to support further investigations.

Crypto gang member gets 78 months for $230M heist probe

🔒 A 20-year-old California man, Marlon Ferro (aka GothFerrari), was sentenced to 78 months in prison after pleading guilty to serving as a home invader and money launderer for a criminal ring that stole over $250 million in cryptocurrency. Arrested on May 13, 2025, Ferro was found carrying two firearms and a fraudulent ID and was ordered to pay $2.5 million in restitution and serve three years of supervised release. Authorities say the conspiracy combined social engineering, hacking attempts, and physical burglaries to seize hardware wallets and launder funds through exchanges and mixers.

Global Crackdown: 276 Arrested, $701M Seized, 9 Centers

🔒 A coordinated international operation led by Dubai Police alongside the FBI and China's Ministry of Public Security arrested 276 suspects, shut nine crypto scam centers, and restrained more than $701 million in cryptocurrency tied to investment fraud. The schemes employed pig butchering and romance-baiting lures and relied on trafficked workers forced to run scam compounds. Authorities seized hundreds of fraudulent domains and a Telegram recruitment channel, sanctioned Cambodian actors, flagged an Android Malware-as-a-Service, and credited Operation Level Up with notifying nearly 9,000 victims and saving about $562 million.

Money Launderer Sentenced for $230M Crypto Heist in Prison

🔒 22-year-old Evan Tangeman of Newport Beach was sentenced to 70 months in prison after pleading guilty to laundering proceeds tied to a $230 million cryptocurrency theft. Court documents say Tangeman (aka E, Tate, Evan|Exchanger) helped move at least $3.5 million between October 2023 and May 2025 using mixers, exchanges, peel chains, and VPNs. He was also ordered to serve three years of supervised release.

Caller-as-a-Service Fuels Industrialized Phone Scams

📞 Flare outlines how a mature "Caller-as-a-Service" ecosystem professionalizes vishing by dividing labor across specialists—from data traders to supervised callers—and operating like legitimate call centers. Recruitment ads demand native English, OPSEC, and sometimes live screen-sharing for real-time supervision. Compensation varies (fixed, success-based, hybrid), and payouts can be delayed pending downstream monetization. The result is lower technical barriers, higher efficiency, and increased detection difficulty.

Scattered Spider Leader Pleads Guilty to Crypto Theft

🔒 Tyler Robert Buchanan, a 24-year-old British national believed to lead the Scattered Spider cybercrime collective, has pleaded guilty in U.S. federal court to wire fraud and aggravated identity theft in connection with cryptocurrency thefts. Prosecutors say Buchanan and co-conspirators used large-scale SMS phishing campaigns and SIM swap attacks to steal at least $8 million from companies and individuals between September 2021 and April 2023. Buchanan was arrested in June 2024 in Palma de Mallorca, has been in U.S. custody since April 2025, and faces a statutory maximum of 22 years; sentencing is scheduled for August 21, 2026.

Grinex Claims Western Spies Behind $13M Crypto Theft

🔐 Grinex, a Kyrgyzstan-based exchange believed to be the successor to Garantex, said a "large-scale cyber-attack" by foreign intelligence agencies last week resulted in the theft of one billion rubles (about $13.2m) from Russian customers and forced it to suspend operations. The firm said it filed a criminal complaint and published the crypto address where the funds were allegedly deposited after being converted to TRX. Blockchain forensics firm Chainalysis disputed the account, noting the rapid swap into TRX via a Tron-based DEX mirrors known laundering tactics and raised the possibility of a false-flag operation or an insider exit scam.

Grinex Exchange Suspends Operations After $13.7M Hack

🚨 Kyrgyzstan-based cryptocurrency exchange Grinex has suspended operations after reporting a $13.7 million theft from wallets used by Russian customers. The platform, believed to be a rebrand of Garantex, enables ruble-crypto flows and used a ruble-backed stablecoin A7A5. Grinex alleges the attack shows signs of involvement by 'foreign intelligence agencies', while blockchain analysts traced funds to TRON and Ethereum addresses and conversion via SunSwap; independent reports have not publicly confirmed the exchange's attribution.

How Cybercriminals Are Thinking About AI Use and Tools

🧠 A new paper, What hackers talk about when they talk about AI, analyzes more than 160 cybercrime forum conversations collected over seven months to show how offenders perceive and experiment with AI. The study finds growing curiosity about using both legitimate AI services and bespoke illicit models, alongside clear doubts about reliability, cost, and operational security. Authors use a diffusion-of-innovation framework to trace early-stage adoption and offer practical guidance for law enforcement and policymakers.

The Industrialization of Cybercrime and Its Costs Worldwide

🔒 In the latest episode of Brass Tacks: Talking Cybersecurity, Joe Robertson interviews Jürgen Stock, former INTERPOL secretary general, about how cybercrime has matured into a scalable, low‑risk, high‑profit industry. They outline an underground economy of specialized services—malware creation, access brokerage, extortion, laundering—often sold with support and guarantees. Stock warns that individuals, businesses, and critical infrastructure are all at risk, and that disciplined cyber hygiene, preparedness, and public–private cooperation remain the most effective defenses.

U.S. Cyber Strategy Signals Possible Private Hackback

🛡️ The 2026 U.S. Cyber Strategy for America largely reiterates longstanding White House cyber priorities but adopts a noticeably more aggressive tone. One sentence — “We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.” — reads like an explicit invitation for corporate hackback. The author argues this is a dangerous and ill-considered idea because it risks misattribution, vigilantism, extrajudicial punishment, and escalation rather than strengthening security.

STARDUST CHOLLIMA Likely Compromises Axios npm Package

🔒 On March 31, 2026, threat actors used stolen maintainer credentials to compromise the widely used Axios npm package and distribute platform-specific variants of the ZshBucket implant. Observed samples target Linux, macOS and Windows and retain prior profiling and exfiltration behavior while adding a common JSON messaging protocol. The updated implants support binary injection, arbitrary script execution, file system enumeration and remote termination. CrowdStrike attributes the activity to STARDUST CHOLLIMA with moderate confidence based on ZshBucket linkage and infrastructure overlaps.

Hacker Charged After $53M Theft From Uranium Exchange

🔒 U.S. prosecutors have charged 36-year-old Jonathan Spalletta, known online as 'Cthulhon' and 'Jspalletta', with stealing more than $53 million after hacking the Uranium Finance crypto exchange twice and laundering proceeds through a cryptocurrency mixer. The indictment alleges he abused multiple smart contract coding flaws in April 2021 to drain liquidity pools and extorted a sham bug bounty. A 2025 search recovered high-value collectibles and about $31 million in cryptocurrency; Spalletta faces computer fraud and money laundering counts that carry substantial prison terms.

UK Sanctions Chinese Crypto Marketplace Xinbi over Scam Hubs

🚨 The UK has imposed sanctions on the China-based cryptocurrency marketplace Xinbi, accusing it of enabling large-scale scam operations across Southeast Asia and facilitating crypto laundering. Authorities say Xinbi, which reportedly handled over $19.7 billion of inflows, sold victim data and traded satellite internet equipment used to contact targets. The action targets Xinbi and related firms and individuals linked to the Prince Group and #8 Park, and includes plans to freeze London properties.

Russia Arrests Suspected Owner of LeakBase Forum in Rostov

🔒 Russian police in the Rostov region arrested a Taganrog resident accused of owning and administering the cybercrime forum LeakBase. The forum, launched in 2021 and linked to the ARES threat group, grew to over 142,000 members and was used to trade stolen databases, exploits, and illicit services. In March 2026 authorities from the FBI and 14 other countries dismantled the site during Operation Leak, seizing the domain and preserving the forum database and logs as evidence.

Suspected RedLine Infostealer Administrator Extradited

🔒 Hambardzum Minasyan, an Armenian national, was extradited to the United States and charged with helping administer the RedLine infostealer operation. U.S. prosecutors allege he registered virtual private servers, domains, a cryptocurrency account used for affiliate payments, and file-sharing repositories that distributed the malware. He is accused of managing command-and-control infrastructure, assisting affiliates, and conspiring to launder proceeds, and faces multiple federal counts with a potential prison term if convicted.

LeakBase Forum Admin Arrested in Russia Over Data Trade

🔒 Russian authorities have arrested the alleged administrator of LeakBase, a major cybercrime forum accused of trading stolen personal databases since 2021. The suspect, reported to be a resident of Taganrog, was detained and technical equipment seized during a search. Officials say the platform hosted hundreds of millions of accounts, bank details and corporate documents and had over 147,000 registered users. The site was dismantled earlier this month and its content preserved for evidentiary purposes.