All news with #cybercriminal tag

🔒 A 19-year-old suspect in Igualada, Barcelona, was arrested after authorities linked him to breaches at nine companies and the theft of 64 million private records. Police say the dataset included full names, home addresses, email addresses, phone numbers, DNI numbers and IBAN codes that the suspect attempted to sell on hacker forums using multiple accounts and pseudonyms. Officers seized computers and cryptocurrency wallets believed to hold proceeds from the sales; the investigation began in June. Separately, Ukrainian police arrested a 22-year-old who used custom malware and a 5,000-account bot farm to compromise and sell social media access.

🔒 Evan Tangeman, 22, has pleaded guilty to laundering proceeds from a sophisticated criminal network that stole roughly US $263 million in cryptocurrency. Prosecutors say the Social Engineering Enterprise was organised via online gaming connections and used hackers, impersonating 'callers', burglars and money launderers to seize and convert victims' crypto. Tangeman admitted converting about US $3.5 million and faces sentencing on April 24, 2026.

🔒Three Ukrainian nationals were arrested in Poland after police discovered a cache of devices alleged to be capable of interfering with strategic IT and telecommunications systems. Officers seized a Flipper Zero, a K19 RF/GS detector, antennas, laptops, numerous SIM cards, routers, portable drives, and cameras. The suspects, aged 39–43, face charges including fraud, computer fraud, and possession of tools intended for criminal activity, and are detained pending trial.

🔐 In episode 446 of the Smashing Security podcast, Graham Cluley and guest Rik Ferguson discuss a teenage cybercriminal who inadvertently doxxed himself by mocking a sextortion scammer. They examine how stolen data has become the jet fuel of cybercrime and consider worrying trends for 2026. Plus, Graham rants about intrusive recipe sites and shares musical notes about Lily Allen.

🛡️ The Pall Mall Process, launched in 2024 by the UK and France with 27 governments and major tech firms onboard, seeks to set guidelines for commercial cyber intrusion capabilities. Its second phase invites input from the offensive cyber industry — vendors, brokers, researchers and service providers — on what constitutes responsible behaviour. The guidance will complement the existing Code of Practice for States and aims to curb irresponsible trade in spyware and zero‑day exploits. The public consultation closes on December 22.

🔒Crimeware now behaves like subscription software: inexperienced attackers can rent turnkey services for phishing, access, data feeds, and malware instead of building tools. Varonis outlines five subscriptionized offerings — from AI-driven PhaaS (e.g., SpamGPT) and malicious PDF builders (MatrixPDF) to Telegram OTP-capture bots and searchable infostealer feeds. The piece shows how IABs and low-cost RAT subscriptions (for example, Atroposia) commoditize breaches and lower technical barriers. Defenders should adopt a system-first posture: automate detection playbooks, rotate credentials frequently, and enforce least privilege to raise costs for subscription-based attackers.

🔍 Dark Atlas has uncovered a growing cluster of fraudulent domains used by the Chinese-speaking Smishing Triad to impersonate major Egyptian and global service providers, including Fawry, Egypt Post and Careem. Analysts traced malicious infrastructure in AS132203 — linked to Tencent facilities — after examining HTTP headers and running targeted Shodan searches, which revealed additional spoofed pages for brands such as UnionPay and TikTok. The group advertises a configurable smishing kit on Telegram that automates deployment of multilingual phishing templates for delivery, telecom, government and payment services worldwide.

🤖Agentic AI gives autonomous agents the ability to access external systems, gather information, and take actions within defined workflows, making routine multi-system tasks far more efficient for human operators. Cisco Talos warns this efficiency is already being mirrored in the cyber crime economy, including the first observed AI-orchestrated campaign in early 2025. While AI lowers barriers to entry and speeds operations for attackers, it is imperfect and still requires skilled instruction and human oversight. Defenders can respond by building their own agentic tools, deploying honeypots to engage malicious agents, and refining detection to stay ahead.

🔒 Kunal Mehta, a 45-year-old from Irvine, has pleaded guilty to laundering at least $25 million connected to a wider $230 million cryptocurrency theft. Court documents say Mehta served as a money launderer for a transnational ring that used social engineering between October 2023 and March 2025 to access victims' crypto accounts. Prosecutors allege he created multiple shell companies in 2024, routed wire transfers into bank accounts designed to appear legitimate, and typically charged a 10% fee for converting stolen crypto to cash. Investigators say the group employed mixers, peel chains, pass-through wallets, VPNs, and conversions to Monero, though operational mistakes helped link laundered funds back to the theft.

🛑 Dutch police seized around 250 physical servers and thousands of virtual machines tied to a bulletproof hosting service that allegedly catered exclusively to cybercriminals. Authorities say the infrastructure has been used since 2022 in more than 80 investigations and facilitated ransomware, botnets, phishing, and distribution of child abuse content. Investigators will perform forensic analysis on the seized systems to identify operators and clients. No arrests have been announced; the provider CrazyRDP has reportedly gone offline after the action.

🚨The U.S. Department of Justice, U.S. Attorney's Office, FBI and Secret Service have created the Scam Center Strike Force to disrupt Chinese-operated cryptocurrency scam networks that reportedly steal nearly $10 billion from Americans annually. The team focuses on tracing illicit funds, seizing cryptocurrency and coordinating international partners to dismantle scam infrastructure based in Southeast Asia. Authorities say many operations run from criminal compounds where workers are victims of trafficking. More than $401 million in crypto has already been seized and additional forfeiture actions are underway.

🔒 Zhimin Qian, dubbed the "Bitcoin Queen," was sentenced in London to 11 years and eight months after a seven-year Met Police investigation found she laundered proceeds from a £5.5 billion cryptocurrency investment scheme that defrauded more than 128,000 victims in China between 2014 and 2017. Investigators seized 61,000 Bitcoin — now valued at roughly £5.5 billion — marking the largest crypto seizure in UK history. Two associates received prison terms and authorities confiscated additional assets including wallets, encrypted devices, cash, and gold.

🔎 International authorities dismantled three large credit card fraud and money‑laundering networks in a coordinated November 4 operation, Operation Chargeback, resulting in 18 arrests and the seizure of assets worth over EUR 35 million. Investigators say the rings exploited four major German payment service providers to process and launder at least EUR 300 million in fraudulent charges that affected more than 4.3 million cardholders worldwide. The schemes generated about 19 million fake online subscriptions by using stolen card data and low, recurring charges to evade detection.

🛡️ The U.S. Treasury on Tuesday sanctioned eight individuals and two entities tied to North Korea's global financial network for laundering proceeds from cybercrime and fraudulent IT-worker schemes. The list names Jang Kuk Chol and Ho Jong Son, linked to $5.3 million in cryptocurrency managed for First Credit Bank, as well as Korea Mangyongdae Computer Technology Company (KMCTC), its president U Yong Su, and Ryujong Credit Bank. Treasury said the funds help finance Pyongyang's weapons and cyber programs, while blockchain firm TRM Labs reported sustained crypto inflows indicative of salary-routing activity.

🔎 Europol and Eurojust led a coordinated sweep from October 27–29 across Cyprus, Spain, and Germany that resulted in nine arrests tied to a cryptocurrency money‑laundering network accused of defrauding victims of €600 million (~$688 million). Authorities executed searches and seized €800,000 ($918,000) in bank funds, €415,000 ($476,000) in cryptocurrencies, and €300,000 ($344,000) in cash. Investigators say the group created dozens of fake crypto investment platforms and lured victims via social media ads, cold calls, fake news articles, and fraudulent celebrity testimonials. The scheme laundered proceeds using blockchain techniques and was disrupted after victim complaints spurred a cross‑border investigation.

🔍An international cryptocurrency investment and money‑laundering network has been dismantled in Europe after coordinated operations by French, Belgian and Cypriot authorities. Nine suspects were arrested across Cyprus, Germany and Spain between October 27 and 30, and investigators seized roughly €1.6m in cash, bank funds, crypto wallets and luxury items. French prosecutors say the group ran dozens of fake trading platforms and used social media, phone calls and sponsored fake news to target hundreds of victims, laundering at least $700m in crypto proceeds.

🔎 European authorities arrested nine suspected money launderers tied to a crypto investment fraud ring that stole over €600 million from victims across multiple countries. The coordinated raids on October 27 and 29 in Cyprus, Spain and Germany were led by Eurojust from The Hague. Investigators seized €800,000 in bank accounts, €415,000 in cryptocurrencies and €300,000 in cash. The suspects allegedly used dozens of fake investment platforms and social engineering — including social media ads, cold calls, fake news and celebrity testimonials — to recruit victims and then laundered proceeds using blockchain tools.

🚚 Proofpoint researchers report that cybercriminals are compromising transportation firms to facilitate physical cargo theft by abusing remote management and access tools. Attackers use social engineering — including fake load-board listings, email thread hijacking and targeted phishing — to deliver installers that deploy RMM and RAS utilities. Once inside, they perform reconnaissance, harvest credentials with tools such as WebBrowserPassView, and expand access, enabling organized-crime partners to bid on and steal shipments.

🚚 Proofpoint warns that cybercriminals are increasingly deploying legitimate remote monitoring and management tools to compromise trucking and logistics firms, enabling cargo theft and financial gain. Working with organized crime, they target asset-based carriers, brokers and integrated providers—especially food and beverage shipments—using compromised emails, fraudulent load-board listings and booby-trapped MSI/EXE installers to deliver ScreenConnect, SimpleHelp and other RMMs. Once inside, attackers conduct reconnaissance, harvest credentials with tools like WebBrowserPassView, delete bookings, block dispatcher alerts and reassign loads to facilitate physical theft, often selling stolen cargo online or overseas.

🔍 Group-IB's research warns of a rapid rise in fake investment platforms across Asia that mimic cryptocurrency and forex exchanges to defraud victims. Organized, cross-border groups recruit via social media and messaging apps, deploying polished trading interfaces, automated chatbots and complex back-end systems to extract payments. The report maps two analytical models — Victim Manipulation Flow and Multi-Actor Fraud Network — and urges banks and regulators to monitor reused infrastructure and tighten KYC controls.