
All news with #cybercriminal tag

93 articles · page 3 of 5

Spain Arrests 34 Suspects Linked to Black Axe Cybercrime

🛡️ Spanish law enforcement arrested 34 individuals in a coordinated operation targeting a criminal network tied to the Black Axe syndicate, with assistance from the Bavarian State Criminal Police Office and Europol. Searches in Seville, Madrid, Malaga, and Barcelona yielded €66,400 in cash, electronic devices, vehicles, and frozen bank accounts totaling €119,350. Authorities say the group specialized in Man-in-the-Middle (MITM) frauds, notably Business Email Compromise, and caused more than $6 million in losses over 15 years, $3.5 million of which relate to this case. Four principal suspects are in pretrial detention and face charges including aggravated continuous fraud, money laundering, and document forgery.

Europol: 34 Arrested in Spain in Major Black Axe Operation

🚨 Europol and the Spanish National Police announced the arrest of 34 suspected members of the Black Axe transnational crime group across Seville, Madrid, Málaga and Barcelona. Authorities froze €119,352 in bank accounts and seized €66,403 in cash during coordinated searches, while estimating fraud losses exceeding €5.93 million linked to the network. Investigators describe Black Axe as a hierarchical syndicate involved in cyber-enabled fraud, trafficking, kidnapping and other violent crimes with origins in Nigeria.

Europol Leads Global Crackdown on Black Axe Gang Members

🛡️ Europol-backed Spanish and German police have arrested 34 suspects linked to the international cybercriminal group Black Axe, executing coordinated raids across Seville, Madrid, Málaga and Barcelona. Authorities froze €119,352 in bank accounts and seized €66,403 in cash while attributing nearly €6m in local fraud losses to the cell. Europol provided intelligence, analysis and on-site support to disrupt a core group that recruits money mules in high-unemployment areas and runs BEC, romance scam, phishing and extortion operations.

Telegram Hosting World's Largest Chinese Darknet Market

🔎 Elliptic's analysis shows Chinese-language darknet marketplaces on Telegram have expanded to unprecedented scale, despite Telegram's early‑2025 takedowns of two major sites. The current leading platforms, Tudou Guarantee and Xinbi Guarantee, are estimated to facilitate nearly $2 billion per month in money‑laundering and illicit commerce. They traffic in stolen data, scam infrastructure, fake investment sites, AI deepfake tools, and a wide range of illegal services that directly enable large-scale "pig butchering" romance and investment scams.

Cybercrime Inc.: When Hackers Outpace Corporate IT and Defenses

🔍 Cybercrime has evolved into a structured, global underground economy that frequently outperforms corporate IT in speed, efficiency and scale. Organized groups now run with defined roles, measurable KPIs and productized offerings such as Ransomware-as-a-Service, enabling nontechnical affiliates to launch high-impact attacks. The decisive metric is no longer if an organization will be targeted but how quickly it can recover and limit reputational and operational damage.

KrebsOnSecurity Marks 16 Years of Cyber Investigations

🎉 KrebsOnSecurity.com marks its 16th anniversary with a year of investigative reporting that focused on entities enabling complex, globally dispersed cybercrime. Coverage in 2025 examined rebranded bulletproof hosting such as Stark Industries Solutions, the rise and sanctioning of payment processor Cryptomus, pervasive voice- and SMS-phishing operations, and massive disruptive botnets including Aisuru and the emergent Kimwolf. The site detailed law enforcement actions, record DDoS assaults on the publication, and upcoming deep-dive reporting into Kimwolf. Readers are invited to subscribe to the plain-text newsletter and to consider exempting the site from ad blockers to support independent reporting.

Cybercriminals Recruiting Insiders in Finance, Telecom, Tech

🔒 Cyber criminals are increasingly recruiting insiders at banks, telecoms, and tech firms to obtain network and cloud access. Darknet adverts offer payouts ranging from $3,000 to $15,000 for account credentials or direct access, and threat actors target crypto exchanges, banks, and major cloud providers. Effective prevention requires employee education, enforced access controls, and active darknet monitoring.

US Indicts 54 in ATM 'Jackpotting' Scheme Using Ploutus

💰 Federal prosecutors announced indictments against 54 individuals accused of using Ploutus malware to carry out ATM 'jackpotting' attacks across the United States. Two separate grand jury indictments in the District of Nebraska charge 22 and 32 defendants with installing malware, removing or replacing ATM hard drives, and forcing cash dispensals. Authorities allege total losses reached $40.73m and tie some activity to the Venezuelan syndicate Tren de Aragua.

FBI Disrupts Russian Crypto Exchange Supporting Cybercrime

🔒 The FBI led an international operation that seized websites and infrastructure tied to E-Note, a Russian-controlled cryptocurrency exchange alleged to have facilitated laundering for cybercriminals. Authorities unsealed an indictment on Dec. 17 against Mykhalio Petrovich Chudnovets, accused of offering money laundering services since 2010. Law enforcement recovered servers, mobile apps, customer databases and records linking more than $70m in illicit proceeds to ransomware and account-takeover campaigns.

European Operation Dismantles €10M Ukraine Call-Center Ring

🔍 Eurojust coordinated a cross-border operation that disrupted a Ukraine-based call-centre fraud ring alleged to have defrauded consumers of more than €10m ($11.7m). An action day on 9 December produced 72 searches in Dnipro, Ivano-Frankivsk and Kyiv, resulting in 12 arrests and 45 suspects identified. Authorities seized forged IDs, computers, phones, a polygraph machine, cash, 21 vehicles and weapons. Investigators say scammers used remote-access tools and bogus 'safe' accounts, recruiting staff from multiple countries and offering up to 7% of proceeds plus large bonuses to high earners.

Spain Arrests 19-Year-Old Suspect Over 64M Data Records

🔒 A 19-year-old suspect in Igualada, Barcelona, was arrested after authorities linked him to breaches at nine companies and the theft of 64 million private records. Police say the dataset included full names, home addresses, email addresses, phone numbers, DNI numbers and IBAN codes that the suspect attempted to sell on hacker forums using multiple accounts and pseudonyms. Officers seized computers and cryptocurrency wallets believed to hold proceeds from the sales; the investigation began in June. Separately, Ukrainian police arrested a 22-year-old who used custom malware and a 5,000-account bot farm to compromise and sell social media access.

California Man Pleads in $263M Cryptocurrency Theft

🔒 Evan Tangeman, 22, has pleaded guilty to laundering proceeds from a sophisticated criminal network that stole roughly US $263 million in cryptocurrency. Prosecutors say the Social Engineering Enterprise was organised via online gaming connections and used hackers, impersonating 'callers', burglars and money launderers to seize and convert victims' crypto. Tangeman admitted converting about US $3.5 million and faces sentencing on April 24, 2026.

Poland Detains Ukrainians Carrying Advanced Hacking Gear

🔒 Three Ukrainian nationals were arrested in Poland after police discovered a cache of devices alleged to be capable of interfering with strategic IT and telecommunications systems. Officers seized a Flipper Zero, a K19 RF/GS detector, antennas, laptops, numerous SIM cards, routers, portable drives, and cameras. The suspects, aged 39–43, face charges including fraud, computer fraud, and possession of tools intended for criminal activity, and are detained pending trial.

Smashing Security Ep. 446: Doxxing and SE-as-a-Service

🔐 In episode 446 of the Smashing Security podcast, Graham Cluley and guest Rik Ferguson discuss a teenage cybercriminal who inadvertently doxxed himself by mocking a sextortion scammer. They examine how stolen data has become the jet fuel of cybercrime and consider worrying trends for 2026. Plus, Graham rants about intrusive recipe sites and shares musical notes about Lily Allen.

Pall Mall Process to Define Responsible Cyber Intrusion

🛡️ The Pall Mall Process, launched in 2024 by the UK and France with 27 governments and major tech firms onboard, seeks to set guidelines for commercial cyber intrusion capabilities. Its second phase invites input from the offensive cyber industry — vendors, brokers, researchers and service providers — on what constitutes responsible behaviour. The guidance will complement the existing Code of Practice for States and aims to curb irresponsible trade in spyware and zero‑day exploits. The public consultation closes on December 22.

Cybercrime Goes SaaS: Renting Tools, Access, Infrastructure

🔒 Crimeware now behaves like subscription software: inexperienced attackers can rent turnkey services for phishing, access, data feeds, and malware instead of building tools. Varonis outlines five subscriptionized offerings — from AI-driven PhaaS (e.g., SpamGPT) and malicious PDF builders (MatrixPDF) to Telegram OTP-capture bots and searchable infostealer feeds. The piece shows how IABs and low-cost RAT subscriptions (for example, Atroposia) commoditize breaches and lower technical barriers. Defenders should adopt a system-first posture: automate detection playbooks, rotate credentials frequently, and enforce least privilege to raise costs for subscription-based attackers.

Smishing Triad Expands Phishing Campaigns Targeting Egypt

🔍 Dark Atlas has uncovered a growing cluster of fraudulent domains used by the Chinese-speaking Smishing Triad to impersonate major Egyptian and global service providers, including Fawry, Egypt Post and Careem. Analysts traced malicious infrastructure in AS132203 — linked to Tencent facilities — after examining HTTP headers and running targeted Shodan searches, which revealed additional spoofed pages for brands such as UnionPay and TikTok. The group advertises a configurable smishing kit on Telegram that automates deployment of multilingual phishing templates for delivery, telecom, government and payment services worldwide.

Agentic AI Reshapes Cybercrime and Defensive Options

🤖 Agentic AI gives autonomous agents the ability to access external systems, gather information, and take actions within defined workflows, making routine multi-system tasks far more efficient for human operators. Cisco Talos warns this efficiency is already being mirrored in the cyber crime economy, including the first observed AI-orchestrated campaign in early 2025. While AI lowers barriers to entry and speeds operations for attackers, it is imperfect and still requires skilled instruction and human oversight. Defenders can respond by building their own agentic tools, deploying honeypots to engage malicious agents, and refining detection to stay ahead.

California Man Pleads Guilty in $25M Crypto Laundering

🔒 Kunal Mehta, a 45-year-old from Irvine, has pleaded guilty to laundering at least $25 million connected to a wider $230 million cryptocurrency theft. Court documents say Mehta served as a money launderer for a transnational ring that used social engineering between October 2023 and March 2025 to access victims' crypto accounts. Prosecutors allege he created multiple shell companies in 2024, routed wire transfers into bank accounts designed to appear legitimate, and typically charged a 10% fee for converting stolen crypto to cash. Investigators say the group employed mixers, peel chains, pass-through wallets, VPNs, and conversions to Monero, though operational mistakes helped link laundered funds back to the theft.

Dutch Police Seize 250 Servers Used by Bulletproof Hosting

🛑 Dutch police seized around 250 physical servers and thousands of virtual machines tied to a bulletproof hosting service that allegedly catered exclusively to cybercriminals. Authorities say the infrastructure has been used since 2022 in more than 80 investigations and facilitated ransomware, botnets, phishing, and distribution of child abuse content. Investigators will perform forensic analysis on the seized systems to identify operators and clients. No arrests have been announced; the provider CrazyRDP has reportedly gone offline after the action.