All news with #cybercriminal tag

🛡️ A Europol-backed, German-led operation has dismantled over 373,000 .onion sites tied to a fraudulent platform called Alice with Violence CP that advertised child sexual abuse material (CSAM) and cybercrime-as-a-service. The multi-year investigation, concentrated between 9–19 March, turned thousands of decoy domains into an honeypot that helped identify 440 customers. Authorities have issued an international arrest warrant for an alleged Chinese operator and continue probes into more than 100 suspects.

🚨 An international law enforcement operation, Operation Alice, has shut down more than 373,000 dark‑web sites that advertised fake child sexual abuse material (CSAM) and other cybercrime services. The Germany‑led probe, supported by Europol, focused on a platform called "Alice with Violence CP" run by a 35‑year‑old suspect in China; investigators say roughly 10,000 users paid between EUR 17 and EUR 250 in Bitcoin, generating about $400,000. Authorities seized 287 servers — 105 in Germany — and have issued an international arrest warrant; 440 purchasers in 23 countries have been identified and 100 are under investigation. Prosecutors note that attempting to buy CSAM is criminal in many jurisdictions even when no material is delivered.

🚨 The head of the UK's National Crime Agency, Graeme Biggar, warned at the launch of the NCA's National Strategic Assessment that online platforms and algorithms are 'radicalizing' teenagers into cybercrime, alongside other harms. He said technology is reshaping crime and that tech companies must take responsibility. Biggar highlighted rising UK-based attackers, surges in online fraud and sextortion, and the creation of the Online Crime Centre to speed data sharing across government and industry.

🔎 In early 2026 Telegram intensified enforcement after the late‑2024 arrest of CEO Pavel Durov and a year of stricter moderation in 2025. Millions of channels were taken down, bans and automation grew, and platform transparency reached new highs. Despite these measures, cybercriminal ecosystems on Telegram have not shrunk; they have rapidly adapted through fragmentation, private groups, automated tooling and alternative hosting. Check Point's Exposure Management intelligence highlights these shifts and explains why takedowns have reduced visibility but not eliminated illicit activity.

🔍 Interpol coordinated Operation Synergia III from 18 July 2025 to 31 January 2026, involving law enforcement units in 72 countries and private partners. The action produced 94 arrests, the seizure of 212 electronic devices and servers, and the takedown of some 45,000 malicious IP addresses, while 110 individuals remain under investigation. The operation targeted phishing, ransomware, romance scams and credit card fraud and disrupted infrastructure used to impersonate banks, government sites and payment services. Private-sector partners including Group-IB, Trend Micro and S2W supplied intelligence that helped identify hosting and malware distribution points.

🔒 Derrick Van Yeboah, a 40-year-old Ghanaian national, pleaded guilty to conspiracy to commit wire fraud for his role in a transnational fraud ring that prosecutors say stole more than $100 million through romance scams and business email compromise attacks. Extradited to the U.S. in August 2025, he agreed to pay over $10 million in restitution and faces up to 20 years in prison. Prosecutors say he personally carried out many romance scams that targeted vulnerable Americans and worked with U.S. and West African accomplices to launder proceeds.

🔍 New analysis from Orange Cyberdefence of 418 law‑enforcement actions between 2021 and mid‑2025 shows profit-driven, midcareer criminals — especially those aged 35–44 — constitute the largest share of cyber offenders. Teenagers and young adults remain present (12–17: 5%; 18–24: 21%), but activity shifts toward organised extortion, malware and money laundering with age. Experts say modern operations resemble illicit tech firms that require project management, recruitment and financial expertise.

🔒 Law enforcement across 14 countries seized the LeakBase cyberforum, taking its database and two domains and targeting roughly 142,000 users. Authorities executed around 100 coordinated actions beginning March 3, including arrests, search warrants, and interviews in multiple jurisdictions. The captured data reportedly contained credential pairs, payment card details, bank account information, and other sensitive personally identifiable and business data. Investigators say the technical seizure unmasked users who believed they were operating anonymously and that authorities delivered prevention messages while continuing to trace digital trails.

🔒 John Daghita, a U.S. government contractor and son of CMDSS's CEO, was arrested on Saint Martin after a joint operation by the FBI and France's elite Gendarmerie unit. He is accused of stealing more than $46 million in cryptocurrency seized and managed by the U.S. Marshals Service, including funds tied to the 2016 Bitfinex hack. Authorities seized cash, hard drives, and security keys, and investigators say public blockchain analysis played a key role in identifying him.

🚨 Spanish and Ukrainian authorities dismantled a criminal network that exploited war-displaced Ukrainian women to run an automated online gambling and money-laundering scheme. The group financed victims' travel to Spain, coerced them into opening bank accounts and credit cards, then seized control to feed bot-driven low-odds bets. Investigators say the operation used identities from over 5,000 people across 17 nationalities and laundered an estimated €4.75 million. Authorities arrested 12 suspects, executed searches in Spain and Ukraine, and seized devices, bots, SIMs, vehicles and frozen properties.

🔒 The FBI has seized the LeakBase cybercrime forum and preserved data from more than 142,000 members as part of a multinational operation coordinated by Europol. On March 3–4 authorities seized two domains, switched nameservers to ns1.fbi.seized.gov and ns2.fbi.seized.gov, and posted a seizure notice. Investigators secured the forum database — including accounts, posts, private messages, credit details, and IP logs — for evidentiary use and executed arrests, searches, and interviews across the US, Australia, Belgium, Poland, Portugal, Romania, Spain, and the UK.

🔎 Europol-led Operation Compass has resulted in 30 arrests and linked 179 suspects to The Com, a decentralized cybercrime collective that targets children and teenagers. Launched in January 2025 and coordinated with law enforcement from 28 countries, the action identified 62 victims and directly safeguarded four. Investigators mapped multiple subgroups—Offline Com, Cyber Com, and (S)extortion Com—that facilitate violence, intrusions, and sexual exploitation.

🔒 US authorities have taken swift action against sellers of cyberweapons, sentencing Australian national Peter Williams to 87 months in prison after he sold sensitive exploit components for up to $4 million in cryptocurrency. The Treasury’s OFAC also sanctioned Sergey Sergeyevich Zelenyuk and Matrix LLC (trading as Operation Zero) for acquiring and distributing proprietary US cyber tools. Sanctions block US-held assets and may trigger criminal charges for prohibited transactions.

📧 A financially motivated threat group dubbed Diesel Vortex has run an extensive phishing campaign since September 2025 targeting freight and logistics operators across the U.S. and Europe, using roughly 52 domains to harvest credentials. Researchers at Have I Been Squatted and partner Ctrl-Alt-Intel discovered exposed repositories and Telegram webhook logs revealing the group's tooling, communications, and an internal mind map describing a call-center style operation. The campaign stole 1,649 unique credential pairs and employed sophisticated evasion — Cyrillic homoglyphs, a nine-stage cloaking chain, voice phishing, Telegram infiltration, and pixel-perfect clones — before coordinated takedowns disrupted the infrastructure.

⚖️ A Glendale man, 36-year-old Davit Avalyan, was sentenced to 57 months in federal prison after pleading guilty to one count of conspiracy to distribute narcotics for his role in a darknet trafficking operation that sold cocaine, methamphetamine, MDMA, and ketamine nationwide. Prosecutors say Avalyan and three co-conspirators operated multiple vendor storefronts — including JoyInc, PlanetHollywood, and LaFarmacia — from 2018 to 2025, shipping parcels via the U.S. Postal Service and accepting cryptocurrency. The FBI's JCODE task force led the investigation with support from USPS inspectors, the DEA, IRS-CI, and LAPD.

🤖 Unit 42 of Palo Alto Networks found that low-skilled cybercriminals are using LLMs to script extortion campaigns, a technique researchers call vibe extortion. In one case, an intoxicated attacker recorded a threat video and read an AI-generated script verbatim, gaining a professional tone despite lacking technical skill. The report warns that AI is acting as a force multiplier—speeding reconnaissance, crafting convincing lures, and automating extortion tasks—raising risk even from unsophisticated actors and urging immediate mitigations.

🎰 Two Connecticut residents, Amitoj Kapoor and Siddharth Lillaney, were federally indicted on 45 counts alleging a wide-ranging identity theft and gambling fraud scheme that generated about $3 million in illicit profits. Prosecutors say the men bought PII for roughly 3,000 victims on darknet markets and Telegram, used background-check services to pass verifications, and opened fraudulent accounts on FanDuel, DraftKings and BetMGM. Winnings were routed through virtual stored-value cards and then moved into accounts controlled by the defendants. Both were released on $300,000 bonds; the charges remain allegations.

⚖️ A U.S. federal judge sentenced 24-year-old Rui‑Siang Lin to 30 years in prison for operating Incognito Market, a darknet narcotics marketplace that sold more than $105 million in illegal drugs worldwide. Lin pleaded guilty to money laundering, narcotics distribution conspiracy, and selling misbranded medication after his May 2024 arrest. The market hosted over 1,800 vendors and 400,000 customer accounts, processing more than 640,000 transactions and using a cryptocurrency payment platform called Incognito Bank. Judge Colleen McMahon described the operation as the most serious drug crime she had encountered in her career.

🔒 A coordinated international law enforcement operation led by Italy’s District Prosecutor’s Office of Catania, with support from Europol, Eurojust and Interpol, dismantled three large illegal IPTV platforms. Authorities seized infrastructure linked to IPTVItalia, migliorIPTV and DarkTV, identified 31 suspects and disrupted servers across Romania and Africa. Investigators report the services illegally retransmitted content from providers such as Sky, DAZN, Netflix and others while using cryptocurrencies and shell companies to obscure proceeds.

🔒Fortinet convened a cross-sector panel at the World Economic Forum Annual Meeting in Davos to explore how incentives can shift the economics of cybercrime. Panelists from law enforcement, industry, and civil society highlighted the limits of voluntary intelligence sharing and the need for structured collaboration. Initiatives like the Cybercrime Bounty and the Cybercrime Atlas were presented as practical mechanisms to accelerate validated, anonymous reporting and enable faster action against transnational threats.