< ciso
brief />
Tag Banner

All news with #cybercriminal tag

118 articles · page 2 of 6

Global Crackdown: 276 Arrested, $701M Seized, 9 Centers

🔒 A coordinated international operation led by Dubai Police alongside the FBI and China's Ministry of Public Security arrested 276 suspects, shut nine crypto scam centers, and restrained more than $701 million in cryptocurrency tied to investment fraud. The schemes employed pig butchering and romance-baiting lures and relied on trafficked workers forced to run scam compounds. Authorities seized hundreds of fraudulent domains and a Telegram recruitment channel, sanctioned Cambodian actors, flagged an Android Malware-as-a-Service, and credited Operation Level Up with notifying nearly 9,000 victims and saving about $562 million.
read more →

Money Launderer Sentenced for $230M Crypto Heist in Prison

🔒 22-year-old Evan Tangeman of Newport Beach was sentenced to 70 months in prison after pleading guilty to laundering proceeds tied to a $230 million cryptocurrency theft. Court documents say Tangeman (aka E, Tate, Evan|Exchanger) helped move at least $3.5 million between October 2023 and May 2025 using mixers, exchanges, peel chains, and VPNs. He was also ordered to serve three years of supervised release.
read more →

Caller-as-a-Service Fuels Industrialized Phone Scams

📞 Flare outlines how a mature "Caller-as-a-Service" ecosystem professionalizes vishing by dividing labor across specialists—from data traders to supervised callers—and operating like legitimate call centers. Recruitment ads demand native English, OPSEC, and sometimes live screen-sharing for real-time supervision. Compensation varies (fixed, success-based, hybrid), and payouts can be delayed pending downstream monetization. The result is lower technical barriers, higher efficiency, and increased detection difficulty.
read more →

Scattered Spider Leader Pleads Guilty to Crypto Theft

🔒 Tyler Robert Buchanan, a 24-year-old British national believed to lead the Scattered Spider cybercrime collective, has pleaded guilty in U.S. federal court to wire fraud and aggravated identity theft in connection with cryptocurrency thefts. Prosecutors say Buchanan and co-conspirators used large-scale SMS phishing campaigns and SIM swap attacks to steal at least $8 million from companies and individuals between September 2021 and April 2023. Buchanan was arrested in June 2024 in Palma de Mallorca, has been in U.S. custody since April 2025, and faces a statutory maximum of 22 years; sentencing is scheduled for August 21, 2026.
read more →

Grinex Claims Western Spies Behind $13M Crypto Theft

🔐 Grinex, a Kyrgyzstan-based exchange believed to be the successor to Garantex, said a "large-scale cyber-attack" by foreign intelligence agencies last week resulted in the theft of one billion rubles (about $13.2m) from Russian customers and forced it to suspend operations. The firm said it filed a criminal complaint and published the crypto address where the funds were allegedly deposited after being converted to TRX. Blockchain forensics firm Chainalysis disputed the account, noting the rapid swap into TRX via a Tron-based DEX mirrors known laundering tactics and raised the possibility of a false-flag operation or an insider exit scam.
read more →

Grinex Exchange Suspends Operations After $13.7M Hack

🚨 Kyrgyzstan-based cryptocurrency exchange Grinex has suspended operations after reporting a $13.7 million theft from wallets used by Russian customers. The platform, believed to be a rebrand of Garantex, enables ruble-crypto flows and used a ruble-backed stablecoin A7A5. Grinex alleges the attack shows signs of involvement by 'foreign intelligence agencies', while blockchain analysts traced funds to TRON and Ethereum addresses and conversion via SunSwap; independent reports have not publicly confirmed the exchange's attribution.
read more →

How Cybercriminals Are Thinking About AI Use and Tools

🧠 A new paper, What hackers talk about when they talk about AI, analyzes more than 160 cybercrime forum conversations collected over seven months to show how offenders perceive and experiment with AI. The study finds growing curiosity about using both legitimate AI services and bespoke illicit models, alongside clear doubts about reliability, cost, and operational security. Authors use a diffusion-of-innovation framework to trace early-stage adoption and offer practical guidance for law enforcement and policymakers.
read more →

The Industrialization of Cybercrime and Its Costs Worldwide

🔒 In the latest episode of Brass Tacks: Talking Cybersecurity, Joe Robertson interviews Jürgen Stock, former INTERPOL secretary general, about how cybercrime has matured into a scalable, low‑risk, high‑profit industry. They outline an underground economy of specialized services—malware creation, access brokerage, extortion, laundering—often sold with support and guarantees. Stock warns that individuals, businesses, and critical infrastructure are all at risk, and that disciplined cyber hygiene, preparedness, and public–private cooperation remain the most effective defenses.
read more →

U.S. Cyber Strategy Signals Possible Private Hackback

🛡️ The 2026 U.S. Cyber Strategy for America largely reiterates longstanding White House cyber priorities but adopts a noticeably more aggressive tone. One sentence — “We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.” — reads like an explicit invitation for corporate hackback. The author argues this is a dangerous and ill-considered idea because it risks misattribution, vigilantism, extrajudicial punishment, and escalation rather than strengthening security.
read more →

STARDUST CHOLLIMA Likely Compromises Axios npm Package

🔒 On March 31, 2026, threat actors used stolen maintainer credentials to compromise the widely used Axios npm package and distribute platform-specific variants of the ZshBucket implant. Observed samples target Linux, macOS and Windows and retain prior profiling and exfiltration behavior while adding a common JSON messaging protocol. The updated implants support binary injection, arbitrary script execution, file system enumeration and remote termination. CrowdStrike attributes the activity to STARDUST CHOLLIMA with moderate confidence based on ZshBucket linkage and infrastructure overlaps.
read more →

Hacker Charged After $53M Theft From Uranium Exchange

🔒 U.S. prosecutors have charged 36-year-old Jonathan Spalletta, known online as 'Cthulhon' and 'Jspalletta', with stealing more than $53 million after hacking the Uranium Finance crypto exchange twice and laundering proceeds through a cryptocurrency mixer. The indictment alleges he abused multiple smart contract coding flaws in April 2021 to drain liquidity pools and extorted a sham bug bounty. A 2025 search recovered high-value collectibles and about $31 million in cryptocurrency; Spalletta faces computer fraud and money laundering counts that carry substantial prison terms.
read more →

UK Sanctions Chinese Crypto Marketplace Xinbi over Scam Hubs

🚨 The UK has imposed sanctions on the China-based cryptocurrency marketplace Xinbi, accusing it of enabling large-scale scam operations across Southeast Asia and facilitating crypto laundering. Authorities say Xinbi, which reportedly handled over $19.7 billion of inflows, sold victim data and traded satellite internet equipment used to contact targets. The action targets Xinbi and related firms and individuals linked to the Prince Group and #8 Park, and includes plans to freeze London properties.
read more →

Russia Arrests Suspected Owner of LeakBase Forum in Rostov

🔒 Russian police in the Rostov region arrested a Taganrog resident accused of owning and administering the cybercrime forum LeakBase. The forum, launched in 2021 and linked to the ARES threat group, grew to over 142,000 members and was used to trade stolen databases, exploits, and illicit services. In March 2026 authorities from the FBI and 14 other countries dismantled the site during Operation Leak, seizing the domain and preserving the forum database and logs as evidence.
read more →

Suspected RedLine Infostealer Administrator Extradited

🔒 Hambardzum Minasyan, an Armenian national, was extradited to the United States and charged with helping administer the RedLine infostealer operation. U.S. prosecutors allege he registered virtual private servers, domains, a cryptocurrency account used for affiliate payments, and file-sharing repositories that distributed the malware. He is accused of managing command-and-control infrastructure, assisting affiliates, and conspiring to launder proceeds, and faces multiple federal counts with a potential prison term if convicted.
read more →

LeakBase Forum Admin Arrested in Russia Over Data Trade

🔒 Russian authorities have arrested the alleged administrator of LeakBase, a major cybercrime forum accused of trading stolen personal databases since 2021. The suspect, reported to be a resident of Taganrog, was detained and technical equipment seized during a search. Officials say the platform hosted hundreds of millions of accounts, bank details and corporate documents and had over 147,000 registered users. The site was dismantled earlier this month and its content preserved for evidentiary purposes.
read more →

Operation Alice: Over 373,000 Dark Web Sites Dismantled

🛡️ A Europol-backed, German-led operation has dismantled over 373,000 .onion sites tied to a fraudulent platform called Alice with Violence CP that advertised child sexual abuse material (CSAM) and cybercrime-as-a-service. The multi-year investigation, concentrated between 9–19 March, turned thousands of decoy domains into an honeypot that helped identify 440 customers. Authorities have issued an international arrest warrant for an alleged Chinese operator and continue probes into more than 100 suspects.
read more →

Operation Alice: 373,000 Fake CSAM Sites Taken Down

🚨 An international law enforcement operation, Operation Alice, has shut down more than 373,000 dark‑web sites that advertised fake child sexual abuse material (CSAM) and other cybercrime services. The Germany‑led probe, supported by Europol, focused on a platform called "Alice with Violence CP" run by a 35‑year‑old suspect in China; investigators say roughly 10,000 users paid between EUR 17 and EUR 250 in Bitcoin, generating about $400,000. Authorities seized 287 servers — 105 in Germany — and have issued an international arrest warrant; 440 purchasers in 23 countries have been identified and 100 are under investigation. Prosecutors note that attempting to buy CSAM is criminal in many jurisdictions even when no material is delivered.
read more →

NCA Chief Warns Teens Are Being Radicalized into Cybercrime

🚨 The head of the UK's National Crime Agency, Graeme Biggar, warned at the launch of the NCA's National Strategic Assessment that online platforms and algorithms are 'radicalizing' teenagers into cybercrime, alongside other harms. He said technology is reshaping crime and that tech companies must take responsibility. Biggar highlighted rising UK-based attackers, surges in online fraud and sextortion, and the creation of the Online Crime Centre to speed data sharing across government and industry.
read more →

Telegram Crackdown 2026: Why Cybercriminals Adapt and Persist

🔎 In early 2026 Telegram intensified enforcement after the late‑2024 arrest of CEO Pavel Durov and a year of stricter moderation in 2025. Millions of channels were taken down, bans and automation grew, and platform transparency reached new highs. Despite these measures, cybercriminal ecosystems on Telegram have not shrunk; they have rapidly adapted through fragmentation, private groups, automated tooling and alternative hosting. Check Point's Exposure Management intelligence highlights these shifts and explains why takedowns have reduced visibility but not eliminated illicit activity.
read more →

Interpol-led Operation Synergia III Nets 94 Arrests Worldwide

🔍 Interpol coordinated Operation Synergia III from 18 July 2025 to 31 January 2026, involving law enforcement units in 72 countries and private partners. The action produced 94 arrests, the seizure of 212 electronic devices and servers, and the takedown of some 45,000 malicious IP addresses, while 110 individuals remain under investigation. The operation targeted phishing, ransomware, romance scams and credit card fraud and disrupted infrastructure used to impersonate banks, government sites and payment services. Private-sector partners including Group-IB, Trend Micro and S2W supplied intelligence that helped identify hosting and malware distribution points.
read more →