All news with #cybercriminal tag

🚨The U.S. Department of Justice, U.S. Attorney's Office, FBI and Secret Service have created the Scam Center Strike Force to disrupt Chinese-operated cryptocurrency scam networks that reportedly steal nearly $10 billion from Americans annually. The team focuses on tracing illicit funds, seizing cryptocurrency and coordinating international partners to dismantle scam infrastructure based in Southeast Asia. Authorities say many operations run from criminal compounds where workers are victims of trafficking. More than $401 million in crypto has already been seized and additional forfeiture actions are underway.

🔒 Zhimin Qian, dubbed the "Bitcoin Queen," was sentenced in London to 11 years and eight months after a seven-year Met Police investigation found she laundered proceeds from a £5.5 billion cryptocurrency investment scheme that defrauded more than 128,000 victims in China between 2014 and 2017. Investigators seized 61,000 Bitcoin — now valued at roughly £5.5 billion — marking the largest crypto seizure in UK history. Two associates received prison terms and authorities confiscated additional assets including wallets, encrypted devices, cash, and gold.

🔎 International authorities dismantled three large credit card fraud and money‑laundering networks in a coordinated November 4 operation, Operation Chargeback, resulting in 18 arrests and the seizure of assets worth over EUR 35 million. Investigators say the rings exploited four major German payment service providers to process and launder at least EUR 300 million in fraudulent charges that affected more than 4.3 million cardholders worldwide. The schemes generated about 19 million fake online subscriptions by using stolen card data and low, recurring charges to evade detection.

🛡️ The U.S. Treasury on Tuesday sanctioned eight individuals and two entities tied to North Korea's global financial network for laundering proceeds from cybercrime and fraudulent IT-worker schemes. The list names Jang Kuk Chol and Ho Jong Son, linked to $5.3 million in cryptocurrency managed for First Credit Bank, as well as Korea Mangyongdae Computer Technology Company (KMCTC), its president U Yong Su, and Ryujong Credit Bank. Treasury said the funds help finance Pyongyang's weapons and cyber programs, while blockchain firm TRM Labs reported sustained crypto inflows indicative of salary-routing activity.

🔎 Europol and Eurojust led a coordinated sweep from October 27–29 across Cyprus, Spain, and Germany that resulted in nine arrests tied to a cryptocurrency money‑laundering network accused of defrauding victims of €600 million (~$688 million). Authorities executed searches and seized €800,000 ($918,000) in bank funds, €415,000 ($476,000) in cryptocurrencies, and €300,000 ($344,000) in cash. Investigators say the group created dozens of fake crypto investment platforms and lured victims via social media ads, cold calls, fake news articles, and fraudulent celebrity testimonials. The scheme laundered proceeds using blockchain techniques and was disrupted after victim complaints spurred a cross‑border investigation.

🔍An international cryptocurrency investment and money‑laundering network has been dismantled in Europe after coordinated operations by French, Belgian and Cypriot authorities. Nine suspects were arrested across Cyprus, Germany and Spain between October 27 and 30, and investigators seized roughly €1.6m in cash, bank funds, crypto wallets and luxury items. French prosecutors say the group ran dozens of fake trading platforms and used social media, phone calls and sponsored fake news to target hundreds of victims, laundering at least $700m in crypto proceeds.

🔎 European authorities arrested nine suspected money launderers tied to a crypto investment fraud ring that stole over €600 million from victims across multiple countries. The coordinated raids on October 27 and 29 in Cyprus, Spain and Germany were led by Eurojust from The Hague. Investigators seized €800,000 in bank accounts, €415,000 in cryptocurrencies and €300,000 in cash. The suspects allegedly used dozens of fake investment platforms and social engineering — including social media ads, cold calls, fake news and celebrity testimonials — to recruit victims and then laundered proceeds using blockchain tools.

🚚 Proofpoint researchers report that cybercriminals are compromising transportation firms to facilitate physical cargo theft by abusing remote management and access tools. Attackers use social engineering — including fake load-board listings, email thread hijacking and targeted phishing — to deliver installers that deploy RMM and RAS utilities. Once inside, they perform reconnaissance, harvest credentials with tools such as WebBrowserPassView, and expand access, enabling organized-crime partners to bid on and steal shipments.

🚚 Proofpoint warns that cybercriminals are increasingly deploying legitimate remote monitoring and management tools to compromise trucking and logistics firms, enabling cargo theft and financial gain. Working with organized crime, they target asset-based carriers, brokers and integrated providers—especially food and beverage shipments—using compromised emails, fraudulent load-board listings and booby-trapped MSI/EXE installers to deliver ScreenConnect, SimpleHelp and other RMMs. Once inside, attackers conduct reconnaissance, harvest credentials with tools like WebBrowserPassView, delete bookings, block dispatcher alerts and reassign loads to facilitate physical theft, often selling stolen cargo online or overseas.

🔍 Group-IB's research warns of a rapid rise in fake investment platforms across Asia that mimic cryptocurrency and forex exchanges to defraud victims. Organized, cross-border groups recruit via social media and messaging apps, deploying polished trading interfaces, automated chatbots and complex back-end systems to extract payments. The report maps two analytical models — Victim Manipulation Flow and Multi-Actor Fraud Network — and urges banks and regulators to monitor reused infrastructure and tighten KYC controls.

💳 Criminal gangs operating from China send deceptive texts about overdue tolls, postal fees, and municipal fines to trick victims into divulging credit-card details. Investigators say the groups exploit an installation trick that provisions stolen card numbers into Google and Apple Wallet accounts in Asia, then share those virtual cards with buyers in the United States. The Department of Homeland Security estimates the scheme has generated over $1 billion in the last three years, enabling purchases of phones, gift cards, apparel and cosmetics by fraud rings that coordinate messaging, remote provisioning, and cross-border purchasing.

🔍Lumma Stealer operations have been disrupted after an underground doxxing campaign exposed personal and operational details of individuals allegedly tied to the malware’s development and administration. Trend Micro links the exposure to rival cybercriminal actors and reports that leaked data—shared on a site called Lumma Rats—included passports, bank details and contact information. The disclosures coincided with reduced C2 activity and the reported compromise of Telegram accounts, prompting many users to seek alternatives such as Vidar and StealC.

🚨 Europol announced the disruption of a sophisticated cybercrime-as-a-service SIM farm in Operation SIMCARTEL, resulting in seven arrests and 26 searches across multiple countries. Authorities seized 1,200 SIM box devices containing about 40,000 active SIM cards, dismantled five servers and took over two websites, and froze significant cash and cryptocurrency assets. The platform supplied numbers from over 80 countries and is tied to the creation of more than 49 million online accounts used in phishing, smishing, investment fraud and other serious offences.

🔍 Europol, together with national police units and the Shadowserver Foundation, dismantled an illegal SIM‑box service codenamed SIMCARTEL that rented phone numbers to criminals for creating fraudulent online accounts. The service operated about 1,200 SIM‑box devices with roughly 40,000 active SIM cards and offered numbers tied to individuals in more than 80 countries via seized sites gogetsms.com and apisim.com. Authorities linked the infrastructure to thousands of fraud cases and at least EUR 4.5 million in losses in Austria and EUR 420,000 in Latvia.

💰 The U.S. Department of Justice has seized $15 billion in bitcoin tied to Chen Zhi, leader of the Prince Group, a transnational criminal network that ran large-scale “pig butchering” cryptocurrency investment and romance scams. Unsealed court documents describe fortified forced-labor compounds in Cambodia, automated call centers, and over 100 shell companies spanning 30+ countries. The Treasury’s OFAC also sanctioned Chen Zhi and 146 associates as part of the coordinated action.

🔒 Fortinet underscores its leadership within the World Economic Forum’s Cybercrime Atlas, promoting cross-sector intelligence sharing and coordinated disruption to combat cybercriminal networks. The 2025 Impact Report, released ahead of the WEF Annual Meeting on Cybersecurity 2025, details operational support for INTERPOL-led Operations Serengeti and Serengeti 2.0 and quantifies arrests, takedowns, and recovered illicit funds. Fortinet stresses the need for accountability at scale and continued expansion of collaborative capacity-building.

🚨 Spanish authorities have arrested a 25-year-old Brazilian national accused of leading the GXC Team, a Crime-as-a-Service operation that sold phishing kits, Android malware and AI-based tools to cybercriminals. The Guardia Civil detained the suspect known as "GoogleXcoder" after a year-long investigation and six coordinated raids across Spain. Investigators seized devices containing source code, client communications and cryptocurrency records, and identified six suspected accomplices. The probe, supported by Group-IB and Brazil's Federal Police, remains ongoing as authorities disable the group's online infrastructure.

🔒 Spanish Guardia Civil have dismantled the GXC Team cybercrime syndicate and arrested its alleged leader, a 25-year-old Brazilian known as GoogleXcoder. The group operated a crime-as-a-service platform on Telegram and a Russian-speaking forum, selling AI-driven phishing kits, Android malware that intercepted SMS/OTPs, and voice-scam tools. Authorities seized devices, source code, communication logs, and recovered stolen cryptocurrency. Nationwide raids on May 20 led to channel takedowns and the identification of additional suspects; the investigation remains ongoing.

🔍 INTERPOL announced the arrest of 260 alleged romance scammers, sextortionists, and online fraudsters across 14 African countries as part of Operation Contender 3.0. Authorities identified more than 1,400 victims and estimate total losses at almost US $2.8 million. Law enforcement seized 1,235 electronic devices, including USB drives and SIM cards, and say they dismantled the infrastructure of 81 criminal operations by taking control of websites and servers. Officials warn that while takedowns are important, public awareness and victim support remain the best defenses against these growing threats.

🚨 Five suspects were arrested in a cross-border crackdown on a cryptocurrency investment fraud ring that stole over €100 million from more than 100 victims. The operation, coordinated by Eurojust and supported by Europol, involved investigative teams from Spain, Portugal, Bulgaria, Italy, Lithuania and Romania and included searches and asset freezes. The scam, active since at least 2018, lured investors with promises of high returns and routed funds to bank accounts in Lithuania; victims were later asked to pay recovery fees before platforms went offline.