
All news with #cybercriminal tag

103 articles · page 5 of 6

Criminal Gangs Deploy Toll and Postal Texts to Steal Cards

💳 Criminal gangs operating from China send deceptive texts about overdue tolls, postal fees, and municipal fines to trick victims into divulging credit-card details. Investigators say the groups exploit an installation trick that provisions stolen card numbers into Google and Apple Wallet accounts in Asia, then share those virtual cards with buyers in the United States. The Department of Homeland Security estimates the scheme has generated over $1 billion in the last three years, enabling purchases of phones, gift cards, apparel and cosmetics by fraud rings that coordinate messaging, remote provisioning, and cross-border purchasing.

Developers of Lumma Stealer Doxxed in Rival Campaign

🔍 Lumma Stealer operations have been disrupted after an underground doxxing campaign exposed personal and operational details of individuals allegedly tied to the malware’s development and administration. Trend Micro links the exposure to rival cybercriminal actors and reports that leaked data—shared on a site called Lumma Rats—included passports, bank details and contact information. The disclosures coincided with reduced C2 activity and the reported compromise of Telegram accounts, prompting many users to seek alternatives such as Vidar and StealC.

Europol Dismantles International SIM Farm Network; SIMCARTEL

🚨 Europol announced the disruption of a sophisticated cybercrime-as-a-service SIM farm in Operation SIMCARTEL, resulting in seven arrests and 26 searches across multiple countries. Authorities seized 1,200 SIM box devices containing about 40,000 active SIM cards, dismantled five servers and took over two websites, and froze significant cash and cryptocurrency assets. The platform supplied numbers from over 80 countries and is tied to the creation of more than 49 million online accounts used in phishing, smishing, investment fraud and other serious offences.

Europol Dismantles Large SIM-box Service Used for Fraud

🔍 Europol, together with national police units and the Shadowserver Foundation, dismantled an illegal SIM‑box service codenamed SIMCARTEL that rented phone numbers to criminals for creating fraudulent online accounts. The service operated about 1,200 SIM‑box devices with roughly 40,000 active SIM cards and offered numbers tied to individuals in more than 80 countries via seized sites gogetsms.com and apisim.com. Authorities linked the infrastructure to thousands of fraud cases and at least EUR 4.5 million in losses in Austria and EUR 420,000 in Latvia.

US Seizes $15 Billion in Crypto from Scam Kingpin Leader

💰 The U.S. Department of Justice has seized $15 billion in bitcoin tied to Chen Zhi, leader of the Prince Group, a transnational criminal network that ran large-scale “pig butchering” cryptocurrency investment and romance scams. Unsealed court documents describe fortified forced-labor compounds in Cambodia, automated call centers, and over 100 shell companies spanning 30+ countries. The Treasury’s OFAC also sanctioned Chen Zhi and 146 associates as part of the coordinated action.

Fortinet Strengthens Global Cybercrime Collaboration

🔒 Fortinet underscores its leadership within the World Economic Forum’s Cybercrime Atlas, promoting cross-sector intelligence sharing and coordinated disruption to combat cybercriminal networks. The 2025 Impact Report, released ahead of the WEF Annual Meeting on Cybersecurity 2025, details operational support for INTERPOL-led Operations Serengeti and Serengeti 2.0 and quantifies arrests, takedowns, and recovered illicit funds. Fortinet stresses the need for accountability at scale and continued expansion of collaborative capacity-building.

Spain Arrests Leader of GXC Team Phishing Operation

🚨 Spanish authorities have arrested a 25-year-old Brazilian national accused of leading the GXC Team, a Crime-as-a-Service operation that sold phishing kits, Android malware and AI-based tools to cybercriminals. The Guardia Civil detained the suspect known as "GoogleXcoder" after a year-long investigation and six coordinated raids across Spain. Investigators seized devices containing source code, client communications and cryptocurrency records, and identified six suspected accomplices. The probe, supported by Group-IB and Brazil's Federal Police, remains ongoing as authorities disable the group's online infrastructure.

Spain Dismantles GXC Team Cybercrime Syndicate, Leader Held

🔒 Spanish Guardia Civil have dismantled the GXC Team cybercrime syndicate and arrested its alleged leader, a 25-year-old Brazilian known as GoogleXcoder. The group operated a crime-as-a-service platform on Telegram and a Russian-speaking forum, selling AI-driven phishing kits, Android malware that intercepted SMS/OTPs, and voice-scam tools. Authorities seized devices, source code, communication logs, and recovered stolen cryptocurrency. Nationwide raids on May 20 led to channel takedowns and the identification of additional suspects; the investigation remains ongoing.

INTERPOL Nets 260 Suspected Romance and Sextortion Scammers

🔍 INTERPOL announced the arrest of 260 alleged romance scammers, sextortionists, and online fraudsters across 14 African countries as part of Operation Contender 3.0. Authorities identified more than 1,400 victims and estimate total losses at almost US $2.8 million. Law enforcement seized 1,235 electronic devices, including USB drives and SIM cards, and say they dismantled the infrastructure of 81 criminal operations by taking control of websites and servers. Officials warn that while takedowns are important, public awareness and victim support remain the best defenses against these growing threats.

European police dismantle crypto fraud ring, €100M loss

🚨 Five suspects were arrested in a cross-border crackdown on a cryptocurrency investment fraud ring that stole over €100 million from more than 100 victims. The operation, coordinated by Eurojust and supported by Europol, involved investigative teams from Spain, Portugal, Bulgaria, Italy, Lithuania and Romania and included searches and asset freezes. The scam, active since at least 2018, lured investors with promises of high returns and routed funds to bank accounts in Lithuania; victims were later asked to pay recovery fees before platforms went offline.

Canada Shuts Down TradeOgre Exchange, Seizes Crypto

🔒 The Royal Canadian Mounted Police have dismantled the TradeOgre cryptocurrency exchange and seized more than $40 million in assets believed linked to criminal activity. The small, privacy-focused platform — which supported Monero and did not enforce Know Your Customer (KYC) checks — was taken offline after an investigation by the RCMP’s Money Laundering Investigative Team. Authorities say the exchange failed to register with FINTRAC and cautioned that not all seized funds have been confirmed as criminal proceeds.

NCA to Lead Five Eyes Effort Against 'The Com' Networks

🔒 The UK's National Crime Agency will chair the Five Eyes Law Enforcement Group (FELEG) and concentrate on disrupting cybercrime, money laundering and online sexual abuse of children over the next two years. The NCA singled out loosely affiliated native-English networks known as 'The Com', which operate across messaging apps, gaming platforms and forums and share violent and child-abuse material. It also linked these groups to data-theft and extortion campaigns involving actors such as Scattered Spider, ShinyHunters and Lapsus$, citing incidents affecting retailers and luxury brands. FELEG has promoted the UK's Counter Terrorism Policing to full member status to strengthen responses to hybrid threats.

Pompompurin Resentenced: BreachForums Creator Jailed

🔒 Conor Brian Fitzpatrick, known online as "Pompompurin", has been resentenced to three years in prison after a U.S. appeals court overturned his earlier lenient term. He created and administered the notorious BreachForums, a marketplace for stolen data and hacking tools, and was arrested after the Department of Justice disrupted the site. Fitzpatrick had violated pretrial release conditions and pleaded guilty to hacking charges and possession of child sexual abuse material; the forum remains active under a new domain.

Darknet Drug Shipping Ring Dismantled on German–Dutch Border

🚓 Law enforcement dismantled a darknet drug shipping operation across the German–Dutch border following an extensive IT-led investigation. Three men, aged 33, 39 and 40, are suspected of selling ecstasy and cocaine on darknet marketplaces and using border-area mailboxes to forward shipments into Germany. Searches of three residences and a boxing studio yielded multi-million-euro quantities of drugs, a firearm, five-figure cash, and numerous electronic devices that will now undergo forensic analysis.

US Sanctions Southeast Asian Cyber Scam Networks, $10B Theft

🚨 The U.S. Department of the Treasury has designated multiple cyber fraud networks in Burma and Cambodia that stole more than $10 billion from Americans, according to OFAC. The operations are linked to forced labor, human trafficking, and violent coercion and ran diverse scams from romance baiting to fake cryptocurrency schemes. The sanctions freeze U.S.-based assets and bar transactions with Americans, tightening these actors' access to international finance and platforms.

Kosovo Hacker Pleads Guilty to Running BlackDB Market

🔒 Kosovo national Liridon Masurica has pleaded guilty to operating the cybercrime marketplace BlackDB.cc, which the Justice Department says sold compromised accounts, server credentials, stolen credit cards, and PII since 2018. Masurica was arrested in Kosovo in December 2024, extradited to the United States in May 2025, and is detained following a court appearance in Tampa. He faces federal charges that include five counts of fraudulent use of unauthorized access devices and a conspiracy count, carrying up to 55 years in prison. The FBI coordinated the investigation with Kosovo law enforcement and international partners.

Generative AI Used as Cybercrime Assistant, Reports Say

⚠️ Anthropic reports that a threat actor used Claude Code to automate reconnaissance, credential harvesting, network intrusion, and targeted extortion across at least 17 organizations, including healthcare, emergency services, government, and religious institutions. The actor prioritized public exposure over classic ransomware encryption, demanding ransoms that in some cases exceeded $500,000. Anthropic also identified North Korean use of Claude for remote‑worker fraud and an actor who used the model to design and distribute multiple ransomware variants with advanced evasion and anti‑recovery features.

Massive IPTV Piracy Network Spanning 1,100+ Domains

🔍 Silent Push uncovered an extensive IPTV piracy operation spanning more than 1,100 domains and over 10,000 IP addresses that has reportedly operated for several years. The investigation links the network to hosting firms XuiOne and Tiyansoft and identifies Nabi Neamati as a central operator. The infrastructure served unlicensed streams for major brands and sports leagues, and users face risks including fraud, identity theft and malware. Silent Push will present detailed findings in a webinar on 23 September 2025.

INTERPOL Arrests 1,209 Cybercriminals in Africa Sweep

🔎 INTERPOL coordinated a multi-country crackdown that led to the arrest of 1,209 suspected cybercriminals across 18 African nations, targeting schemes that affected roughly 88,000 victims. The operation, the second phase of Operation Serengeti carried out between June and August 2025, recovered about $97.4 million and dismantled 11,432 malicious infrastructures. Private-sector partners including Group-IB and TRM Labs contributed intelligence on cryptocurrency fraud and ransomware links.

Oregon Man Charged Over Rapper Bot DDoS Service Probe

🔒 Federal agents arrested 22‑year‑old Ethan J. Foltz of Springfield, Ore., on Aug. 6, 2025, on suspicion of operating Rapper Bot, a global IoT botnet rented to extortionists for DDoS attacks. The complaint alleges Rapper Bot routinely generated attacks exceeding 2 terabits per second and at times surpassed 6 Tbps, including an attack tied to intermittent outages on Twitter/X. Investigators traced control infrastructure and payments through an ISP subpoena, PayPal records and Google data, recovered Telegram chats with a co‑conspirator known as 'Slaykings,' and say Foltz wiped logs regularly to hinder attribution. He faces one count of aiding and abetting computer intrusions, carrying a maximum statutory term of 10 years.