
All news with #cybercriminal tag

93 articles · page 5 of 5

Canada Shuts Down TradeOgre Exchange, Seizes Crypto

🔒 The Royal Canadian Mounted Police have dismantled the TradeOgre cryptocurrency exchange and seized more than $40 million in assets believed linked to criminal activity. The small, privacy-focused platform — which supported Monero and did not enforce Know Your Customer (KYC) checks — was taken offline after an investigation by the RCMP’s Money Laundering Investigative Team. Authorities say the exchange failed to register with FINTRAC and cautioned that not all seized funds have been confirmed as criminal proceeds.

NCA to Lead Five Eyes Effort Against 'The Com' Networks

🔒 The UK's National Crime Agency will chair the Five Eyes Law Enforcement Group (FELEG) and concentrate on disrupting cybercrime, money laundering and online sexual abuse of children over the next two years. The NCA singled out loosely affiliated native-English networks known as 'The Com', which operate across messaging apps, gaming platforms and forums and share violent and child-abuse material. It also linked these groups to data-theft and extortion campaigns involving actors such as Scattered Spider, ShinyHunters and Lapsus$, citing incidents affecting retailers and luxury brands. FELEG has promoted the UK's Counter Terrorism Policing to full member status to strengthen responses to hybrid threats.

Pompompurin Resentenced: BreachForums Creator Jailed

🔒 Conor Brian Fitzpatrick, known online as "Pompompurin", has been resentenced to three years in prison after a U.S. appeals court overturned his earlier lenient term. He created and administered the notorious BreachForums, a marketplace for stolen data and hacking tools, and was arrested after the Department of Justice disrupted the site. Fitzpatrick had violated pretrial release conditions and pleaded guilty to hacking charges and possession of child sexual abuse material; the forum remains active under a new domain.

Darknet Drug Shipping Ring Dismantled on German–Dutch Border

🚓 Law enforcement dismantled a darknet drug shipping operation across the German–Dutch border following an extensive IT-led investigation. Three men, aged 33, 39 and 40, are suspected of selling ecstasy and cocaine on darknet marketplaces and using border-area mailboxes to forward shipments into Germany. Searches of three residences and a boxing studio yielded multi-million-euro quantities of drugs, a firearm, a five-figure sum in cash, and numerous electronic devices that will now undergo forensic analysis.

US Sanctions Southeast Asian Cyber Scam Networks, $10B Theft

🚨 The U.S. Department of the Treasury has designated multiple cyber fraud networks in Burma and Cambodia that stole more than $10 billion from Americans, according to OFAC. The operations are linked to forced labor, human trafficking, and violent coercion and ran diverse scams from romance baiting to fake cryptocurrency schemes. The sanctions freeze U.S.-based assets and bar transactions with Americans, tightening these actors' access to international finance and platforms.

Kosovo Hacker Pleads Guilty to Running BlackDB Market

🔒 Kosovo national Liridon Masurica has pleaded guilty to operating the cybercrime marketplace BlackDB.cc, which the Justice Department says sold compromised accounts, server credentials, stolen credit cards, and PII since 2018. Masurica was arrested in Kosovo in December 2024, extradited to the United States in May 2025, and is detained following a court appearance in Tampa. He faces federal charges that include five counts of fraudulent use of unauthorized access devices and a conspiracy count, carrying up to 55 years in prison. The FBI coordinated the investigation with Kosovo law enforcement and international partners.

Generative AI Used as Cybercrime Assistant, Reports Say

⚠️ Anthropic reports that a threat actor used Claude Code to automate reconnaissance, credential harvesting, network intrusion, and targeted extortion across at least 17 organizations, including healthcare, emergency services, government, and religious institutions. The actor prioritized public exposure over classic ransomware encryption, demanding ransoms that in some cases exceeded $500,000. Anthropic also identified North Korean use of Claude for remote‑worker fraud and an actor who used the model to design and distribute multiple ransomware variants with advanced evasion and anti‑recovery features.

Massive IPTV Piracy Network Spanning 1,100+ Domains

🔍 Silent Push uncovered an extensive IPTV piracy operation spanning more than 1,100 domains and over 10,000 IP addresses that has reportedly operated for several years. The investigation links the network to hosting firms XuiOne and Tiyansoft and identifies Nabi Neamati as a central operator. The infrastructure served unlicensed streams for major brands and sports leagues, and users face risks including fraud, identity theft and malware. Silent Push will present detailed findings in a webinar on 23 September 2025.

INTERPOL Arrests 1,209 Cybercriminals in Africa Sweep

🔎 INTERPOL coordinated a multi-country crackdown that led to the arrest of 1,209 suspected cybercriminals across 18 African nations, targeting schemes that affected roughly 88,000 victims. The operation, the second phase of Operation Serengeti carried out between June and August 2025, recovered about $97.4 million and dismantled 11,432 malicious infrastructures. Private-sector partners including Group-IB and TRM Labs contributed intelligence on cryptocurrency fraud and ransomware links.

Oregon Man Charged Over Rapper Bot DDoS Service Probe

🔒 Federal agents arrested 22‑year‑old Ethan J. Foltz of Springfield, Ore., on Aug. 6, 2025, on suspicion of operating Rapper Bot, a global IoT botnet rented to extortionists for DDoS attacks. The complaint alleges Rapper Bot routinely generated attacks exceeding 2 terabits per second and at times surpassed 6 Tbps, including an attack tied to intermittent outages on Twitter/X. Investigators traced control infrastructure and payments through an ISP subpoena, PayPal records and Google data, recovered Telegram chats with a co‑conspirator known as 'Slaykings,' and say Foltz wiped logs regularly to hinder attribution. He faces one count of aiding and abetting computer intrusions, carrying a maximum statutory term of 10 years.

Muddled Libra Strike Teams: Collaborative Cybercrime

🧩 Muddled Libra is not a single organized group but a fluid collaboration of personas that form distinct strike teams with varying objectives and tradecraft. Unit 42 has identified patterns across at least seven teams, from crypto theft and extortion to IP theft and mass data harvesting. Defenders should prioritize protecting high-value data, tighten access controls, and assume evolving tactics rather than a fixed adversary profile.

KrebsOnSecurity Featured in HBO Max 'Most Wanted' Series

📰 The HBO Max documentary Most Wanted: Teen Hacker features interviews with Brian Krebs and examines the criminal trajectory of Julius Kivimäki, a Finnish hacker convicted for extensive data breaches and later mass extortion. The four-part series traces his early role in the Lizard Squad, high-profile DDoS attacks, swatting incidents, and the Vastaamo psychotherapy breach and patient extortion. Directed by Sami Kieski and co-written by Joni Soila, episodes will stream weekly on Fridays throughout September.

Threat Actor Groups Tracked by Unit 42 — Updated 2025

📌 This Unit 42 reference catalog enumerates selected threat actor groups tracked by Palo Alto Networks, organized by assigned constellation and primary motivation (nation-state, cybercrime, ransomware). It lists aliases, activity summaries, typical sectors impacted and observed TTPs, and highlights recent additions through Aug. 1, 2025. Use of Unit 42 telemetry and the Attribution Framework informs assessments and updates.