All news with #cybercriminal tag

103 articles · page 3 of 6

Empire Market Owner Pleads Guilty to Drug Conspiracy

⚖️ A Virginia man who co-created Empire Market pleaded guilty to federal drug conspiracy charges after facilitating roughly $430 million in illicit transactions from 2018 to 2020. The Tor-accessible marketplace, modeled after AlphaBay, reached about 1.68 million registered users and listed 166,029 controlled-substance offerings. Court filings say the operators used cryptocurrency to launder proceeds, employed moderators to resolve disputes, and oversaw sales by vendors that included heroin, methamphetamine, cocaine and fentanyl; the defendant agreed to substantial cryptocurrency and property forfeitures.

Slovakian Pleads Guilty to Running Kingdom Darknet Market

⚖️ A Slovakian national, 33‑year‑old Alan Bill (aka "Vend0r" or "KingdomOfficial"), pleaded guilty to a conspiracy to distribute controlled substances for his role operating the darknet Kingdom Market, which operated from March 2021 through December 2023. Federal undercover agents made purchases in July 2022, acquiring methamphetamine, fentanyl and a fraudulent U.S. passport, and authorities seized the site's infrastructure in December 2023. Bill was arrested at Newark Liberty International Airport after customs inspectors found multiple devices and a cryptocurrency hardware wallet linking him to the marketplace; he admitted providing web‑administration services, receiving cryptocurrency payments, and assisting with forum creation and moderation.

Chinese Money Laundering Networks Drive $82bn Global Shift

🔍 Chainalysis warns that Chinese-language money laundering networks now underpin a rapidly expanding global crypto laundering ecosystem, handling roughly 20% of illicit flows over the past five years. Last year these networks processed an estimated $16bn—about $44m per day—across 1,799+ active wallets. The firm traces the rise from a $10bn market in 2020 to over $82bn last year and identifies six operational typologies, from running point brokers to swapping-as-a-service, which increasingly avoid centralized exchanges and exploit OTC, gambling and mule-based layering services.

US to deport Venezuelans who emptied bank ATMs using malware

🏧 South Carolina prosecutors said two Venezuelan nationals pleaded guilty to conspiracy and computer crimes after using malware to force ATMs to dispense cash across the southeastern United States. They targeted older ATM models, installing a Ploutus variant by connecting laptops, using external drives, or swapping hard drives to trigger unauthorized withdrawals. Both defendants were sentenced, ordered to pay restitution, and face deportation following their terms.

Global Collaboration to Deter Systemic Cybercrime at Scale

🌐 At the World Economic Forum in Davos, Fortinet highlighted that cybercrime has evolved into a transnational economic system driven by specialization, automation, and AI. Leaders emphasized an acute imbalance: attackers benefit from low-risk, high-reward models while defenders are hindered by fragmented collaboration, jurisdictional limits, and a widening skills gap. Participants called for scaling structured, incentive-driven collaboration and validated community intelligence, together with targeted training and technology investment, to shift the economics in favor of defenders.

Global Collaboration to Deter Systemic Cybercrime at Scale

🤝 At Davos, Fortinet argues that cybercrime has evolved into an economic system sustained by specialized markets such as ransomware collectives and Cybercrime-as-a-Service. Attackers are leveraging automation and AI to scale and personalize campaigns, while defenders remain constrained by fragmented jurisdictions, voluntary sharing, and an enduring skills gap. The piece calls for scalable, incentive-driven collaboration, trusted reporting, expert validation, and stronger law enforcement partnerships to shift the economics in favor of defenders.

Tudou Guarantee Telegram Operations Shut After Sanctions

🛑 Elliptic reports that Tudou Guarantee, a major marketplace in the Southeast Asia scam economy, is shutting down its Telegram groups after US and UK sanctions tied to the Prince Group. Launched in 2023, the platform is linked to roughly $12bn in crypto transactions and absorbed merchants migrating from Huione Guarantee. While gambling and other non-fraud arms appear to continue, Elliptic notes a sharp drop in central wallet activity after the January 2026 arrest of Prince Group chairman Chen Zhi, and warns displaced actors will likely disperse across other marketplaces.

Tudou Guarantee Marketplace Halts Public Transactions

🔍 Elliptic reports that Tudou Guarantee, a Telegram-based guarantee marketplace, has effectively ceased processing transactions through its public Telegram groups after rapid growth and is estimated to have handled over $12 billion, ranking it among the largest illicit marketplaces. Some operations, notably gambling services, remain active, so Elliptic says this may be a staged shutdown or a strategic pivot. The pause in public activity coincides with law enforcement moves tied to the arrest and extradition of Prince Group CEO Chen Zhi.

Microsoft Seizes Servers, Disrupts RedVDS Cyberplatform

🔒 Microsoft says it disrupted RedVDS, a cybercrime-as-a-service platform tied to at least $40 million in U.S. losses since March 2025. The company filed civil lawsuits in the U.S. and U.K., and — working with Europol and German authorities — seized servers, took the marketplace and customer portal offline, and removed malicious infrastructure. RedVDS rented disposable Windows cloud servers worldwide to enable large-scale phishing, BEC, credential theft and AI‑enhanced impersonation campaigns.

Cybercrime Inc.: Organized Hackers Outpacing IT Defense

🔒 Cybercrime has evolved into a structured, global underground economy that mirrors legitimate corporations, with departments, KPIs, and scalable supply chains. Models like ransomware-as-a-service let nontechnical actors license malware, buy access, and outsource extortion, while payments and sales are managed via closed forums and cryptocurrencies. The result is an efficient, agile adversary that exploits human error, leverages AI for social engineering, and gains a persistent speed advantage over often bureaucratic defenders.

Spain Arrests 34 Suspects Linked to Black Axe Cybercrime

🛡️ Spanish law enforcement arrested 34 individuals in a coordinated operation targeting a criminal network tied to the Black Axe syndicate, with assistance from the Bavarian State Criminal Police Office and Europol. Searches in Seville, Madrid, Malaga, and Barcelona yielded €66,400 in cash, electronic devices, vehicles, and frozen bank accounts totaling €119,350. Authorities say the group specialized in Man-in-the-Middle (MITM) frauds, notably Business Email Compromise, and caused more than $6 million in losses over 15 years, $3.5 million of which relate to this case. Four principal suspects are in pretrial detention and face charges including aggravated continuous fraud, money laundering, and document forgery.

Europol: 34 Arrested in Spain in Major Black Axe Operation

🚨 Europol and the Spanish National Police announced the arrest of 34 suspected members of the Black Axe transnational crime group across Seville, Madrid, Málaga and Barcelona. Authorities froze €119,352 in bank accounts and seized €66,403 in cash during coordinated searches, while estimating fraud losses exceeding €5.93 million linked to the network. Investigators describe Black Axe as a hierarchical syndicate involved in cyber-enabled fraud, trafficking, kidnapping and other violent crimes with origins in Nigeria.

Europol Leads Global Crackdown on Black Axe Gang Members

🛡️ Europol-backed Spanish and German police have arrested 34 suspects linked to the international cybercriminal group Black Axe, executing coordinated raids across Seville, Madrid, Málaga and Barcelona. Authorities froze €119,352 in bank accounts and seized €66,403 in cash while attributing nearly €6m in local fraud losses to the cell. Europol provided intelligence, analysis and on-site support to disrupt a core group that recruits money mules in high-unemployment areas and runs BEC, romance scam, phishing and extortion operations.

Telegram Hosting World's Largest Chinese Darknet Market

🔎 Elliptic's analysis shows Chinese-language darknet marketplaces on Telegram have expanded to unprecedented scale, despite Telegram's early‑2025 takedowns of two major sites. The current leading platforms, Tudou Guarantee and Xinbi Guarantee, are estimated to facilitate nearly $2 billion per month in money‑laundering and illicit commerce. They traffic in stolen data, scam infrastructure, fake investment sites, AI deepfake tools, and a wide range of illegal services that directly enable large-scale "pig butchering" romance and investment scams.

Cybercrime Inc.: When Hackers Outpace Corporate IT and Defenses

🔍 Cybercrime has evolved into a structured, global underground economy that frequently outperforms corporate IT in speed, efficiency and scale. Organized groups now run with defined roles, measurable KPIs and productized offerings such as Ransomware-as-a-Service, enabling nontechnical affiliates to launch high-impact attacks. The decisive metric is no longer if an organization will be targeted but how quickly it can recover and limit reputational and operational damage.

KrebsOnSecurity Marks 16 Years of Cyber Investigations

🎉 KrebsOnSecurity.com marks its 16th anniversary with a year of investigative reporting that focused on entities enabling complex, globally dispersed cybercrime. Coverage in 2025 examined rebranded bulletproof hosting such as Stark Industries Solutions, the rise and sanctioning of payment processor Cryptomus, pervasive voice- and SMS-phishing operations, and massive disruptive botnets including Aisuru and the emergent Kimwolf. The site detailed law enforcement actions, record DDoS assaults on the publication, and upcoming deep-dive reporting into Kimwolf. Readers are invited to subscribe to the plain-text newsletter and to consider exempting the site from ad blockers to support independent reporting.

Cybercriminals Recruiting Insiders in Finance, Telecom, Tech

🔒 Cyber criminals are increasingly recruiting insiders at banks, telecoms, and tech firms to obtain network and cloud access. Darknet adverts offer payouts ranging from $3,000 to $15,000 for account credentials or direct access, and threat actors target crypto exchanges, banks, and major cloud providers. Effective prevention requires employee education, enforced access controls, and active darknet monitoring.

US Indicts 54 in ATM 'Jackpotting' Scheme Using Ploutus

💰 Federal prosecutors announced indictments against 54 individuals accused of using Ploutus malware to carry out ATM 'jackpotting' attacks across the United States. Two separate grand jury indictments in the District of Nebraska charge 22 and 32 defendants with installing malware, removing or replacing ATM hard drives, and forcing cash dispensals. Authorities allege total losses reached $40.73m and tie some activity to the Venezuelan syndicate Tren de Aragua.

FBI Disrupts Russian Crypto Exchange Supporting Cybercrime

🔒 The FBI led an international operation that seized websites and infrastructure tied to E-Note, a Russian-controlled cryptocurrency exchange alleged to have facilitated laundering for cybercriminals. Authorities unsealed an indictment on Dec. 17 against Mykhalio Petrovich Chudnovets, accused of offering money laundering services since 2010. Law enforcement recovered servers, mobile apps, customer databases and records linking more than $70m in illicit proceeds to ransomware and account-takeover campaigns.

European Operation Dismantles €10M Ukraine Call-Center Ring

🔍 Eurojust coordinated a cross-border operation that disrupted a Ukraine-based call-centre fraud ring alleged to have defrauded consumers of more than €10m ($11.7m). An action day on 9 December produced 72 searches in Dnipro, Ivano-Frankivsk and Kyiv, resulting in 12 arrests and 45 suspects identified. Authorities seized forged IDs, computers, phones, a polygraph machine, cash, 21 vehicles and weapons. Investigators say scammers used remote-access tools and bogus 'safe' accounts, recruiting staff from multiple countries and offering up to 7% of proceeds plus large bonuses to high earners.