ciso brief

All news with #enforcement tag

51 articles

Russian Operator Gets 2-Year Term for TA551 Botnet Role

⚖️ The U.S. Department of Justice sentenced Russian national Ilya Angelov to two years in prison and fined him $100,000 for operating a botnet that enabled ransomware attacks against American companies. Angelov, 40, of Tolyatti, used aliases "milan" and "okart" and co‑managed the Russia‑based cybercriminal group TA551, which distributed malware-laden spam and sold access to compromised machines. Prosecutors say TA551 sold bot access to groups behind BitPaymer and IcedID, contributing to millions in extortion payments.

U.S. Sentences Russian Hacker 6.75 Years for Ransomware Role

🔒 Aleksei Olegovich Volkov, a 26-year-old Russian national, was sentenced in the U.S. to 81 months in prison after pleading guilty to facilitating dozens of ransomware attacks as an initial access broker. Authorities say he helped breach networks and sell access to ransomware groups, resulting in over $9 million in actual losses and more than $24 million in intended losses. He was arrested in Italy in January 2024, extradited to the U.S., and agreed to pay restitution and forfeit tools used in the crimes.

Operation Alice: Over 373,000 Dark Web Sites Dismantled

🛡️ A Europol-backed, German-led operation has dismantled over 373,000 .onion sites tied to a fraudulent platform called Alice with Violence CP that advertised child sexual abuse material (CSAM) and cybercrime-as-a-service. The multi-year investigation, concentrated between 9–19 March, turned thousands of decoy domains into a honeypot that helped identify 440 customers. Authorities have issued an international arrest warrant for an alleged Chinese operator and continue probes into more than 100 suspects.

Operation Alice: 373,000 Fake CSAM Sites Taken Down

🚨 An international law enforcement operation, Operation Alice, has shut down more than 373,000 dark‑web sites that advertised fake child sexual abuse material (CSAM) and other cybercrime services. The Germany‑led probe, supported by Europol, focused on a platform called "Alice with Violence CP" run by a 35‑year‑old suspect in China; investigators say roughly 10,000 users paid between EUR 17 and EUR 250 in Bitcoin, generating about $400,000. Authorities seized 287 servers — 105 in Germany — and have issued an international arrest warrant; 440 purchasers in 23 countries have been identified and 100 are under investigation. Prosecutors note that attempting to buy CSAM is criminal in many jurisdictions even when no material is delivered.

Proton Mail Provided Subscriber Metadata to Authorities

🔒 Proton Mail disclosed subscriber payment metadata to Swiss authorities, who in turn shared the records with the FBI. The released material appears to be billing- and payment-related information rather than message contents, but such metadata can still link an account to an individual. The case highlights that privacy-focused services may be compelled by legal process to produce stored user records.

US Charges Former Negotiator Linked to BlackCat Attacks

🔒 The U.S. Department of Justice has charged Angelo Martino, a former DigitalMint ransomware negotiator, with one count of conspiracy to interfere with interstate commerce by extortion after he surrendered on March 10. Unsealed court documents allege Martino shared confidential negotiation details with BlackCat operators and, between April 2023 and April 2025, participated in attacks alongside former colleagues Kevin Tyler Martin and Ryan Goldberg. Prosecutors say the group acted as BlackCat affiliates, paying administrators a 20% cut and extorting at least five U.S. organizations, including a Tampa medical device manufacturer that paid $1.27 million. DigitalMint said it terminated the employees and has cooperated with law enforcement.

FBI Seizes LeakBase Cybercrime Forum and Member Data

🔒 The FBI has seized the LeakBase cybercrime forum and preserved data from more than 142,000 members as part of a multinational operation coordinated by Europol. On March 3–4 authorities seized two domains, switched nameservers to ns1.fbi.seized.gov and ns2.fbi.seized.gov, and posted a seizure notice. Investigators secured the forum database — including accounts, posts, private messages, credit details, and IP logs — for evidentiary use and executed arrests, searches, and interviews across the US, Australia, Belgium, Poland, Portugal, Romania, Spain, and the UK.

CISA Emergency Directive: Mitigate Cisco SD‑WAN Risks

⚠ CISA issued Emergency Directive 26-03 requiring immediate mitigation of critical vulnerabilities in Cisco SD‑WAN systems, citing exploitable flaws including CVE-2026-20127 and CVE-2022-20775. Agencies must inventory systems, collect virtual snapshots and logs, apply patches, hunt for evidence of compromise, and implement vendor hardening guidance. CISA will monitor compliance, provide technical assistance, and deliver additional resources as needed. The directive is supported by the NSA, ASD’s ACSC, Canada’s Cyber Centre, NCSC-NZ, and NCSC-UK.

ICO fines Reddit £14.47m over inadequate age checks

🔒 The UK Information Commissioner's Office (ICO) has fined Reddit £14.47m for failing to implement robust age verification and for not conducting a required DPIA before January 2025. The regulator found that children under 13 had personal data processed without a lawful basis and were potentially exposed to inappropriate content. Reddit maintains it avoids collecting identity data to protect privacy, while experts warn heavy-handed identity checks could introduce new privacy and security risks.

Spain Arrests Suspected Anonymous Fénix Hacktivists

🔒 Spanish authorities arrested four alleged members of the hacktivist group Anonymous Fénix for a series of distributed denial-of-service (DDoS) attacks that targeted government ministries, political parties, and public institutions. The Spanish Civil Guard said the group first struck in April 2023 and intensified activity after severe floods in Valencia in late October 2024, using X and Telegram for recruitment and propaganda. Courts ordered seizure of the group's X and YouTube accounts and closure of its Telegram channel following the arrests.

INTERPOL's Operation Red Card 2.0: Coordinated Disruption

🚨 Operation Red Card 2.0 demonstrates how synchronized public‑ and private‑sector action can disrupt transnational fraud. Between December 2025 and January 2026, authorities across 16 African countries used shared intelligence and operational coordination to identify victims, arrest operators, seize devices, and dismantle malicious infrastructure. Fortinet supported the effort through data contributions and the Cybercrime Atlas, helping turn intelligence into enforcement outcomes.

INTERPOL's Red Card 2.0: 651 Arrests in Africa Crackdown

🔍 A coordinated operation led by INTERPOL and the African Joint Operation against Cybercrime (AFJOC) arrested 651 suspects across 16 countries between December 8 and January 30. Authorities recovered over $4.3 million and identified 1,247 victims linked to schemes responsible for more than $45 million in losses. Investigators seized 2,341 devices, dismantled networks of fraudulent accounts and took down 1,442 malicious websites, domains, and servers.

Poland Arrests Suspect Linked to Phobos Ransomware

🛡️ Polish police have detained a 47-year-old suspect alleged to have ties to the Phobos ransomware group and seized computers and mobile phones containing credentials, credit card numbers, and server access data. The arrest in Małopolska was carried out by the Central Bureau of Cybercrime Control as part of Operation Aether, an international Europol-coordinated disruption. Authorities say the suspect used encrypted messaging to communicate with Phobos and now faces charges under Article 269b of Poland’s Criminal Code.

Ex-Google Engineer Convicted for Stealing AI Trade Secrets

🛡️ Linwei Ding, a former Google engineer, was convicted by a federal jury on multiple counts of economic espionage and theft of trade secrets after allegedly taking more than 2,000 confidential documents tied to Google's AI infrastructure and chip designs. Prosecutors say the material included details on Google's TPU and GPU architectures, Cluster Management System software, and custom SmartNICs used in AI supercomputers. Authorities allege the theft occurred between May 2022 and April 2023 and that Ding copied files to personal accounts and founded a China-based startup while still employed by Google. He faces significant federal prison terms if sentenced.

France Travail Fined €5m After 2024 Breach Exposed 43M

🔒 France Travail has been fined €5 million by the CNIL after a March 2024 cyber-attack that potentially exposed personal data for an estimated 43 million jobseekers. The regulator found failures including weak authentication for Cap Emploi advisors, insufficient logging and monitoring, and overly broad access permissions, breaching Article 32 of the GDPR. France Travail must provide evidence of corrective measures on a strict timeline or face a €5,000 daily fine.

Slovakian Pleads Guilty to Running Kingdom Darknet Market

⚖️ A Slovakian national, 33‑year‑old Alan Bill (aka "Vend0r" or "KingdomOfficial"), pleaded guilty to a conspiracy to distribute controlled substances for his role operating the darknet Kingdom Market, which operated from March 2021 through December 2023. Federal undercover agents made purchases in July 2022, acquiring methamphetamine, fentanyl and a fraudulent U.S. passport, and authorities seized the site's infrastructure in December 2023. Bill was arrested at Newark Liberty International Airport after customs inspectors found multiple devices and a cryptocurrency hardware wallet linking him to the marketplace; he admitted providing web‑administration services, receiving cryptocurrency payments, and assisting with forum creation and moderation.

US Charges 31 More Suspects in ATM Malware Jackpotting

🔐 A Nebraska federal grand jury indicted 31 additional defendants accused of participating in an ATM jackpotting operation that used Ploutus malware to steal millions from U.S. ATMs. Authorities say many suspects are Venezuelan or Colombian nationals tied to the gang Tren de Aragua, an organization recently designated by OFAC as a Foreign Terrorist Organization. Investigators allege attackers opened ATM housings, swapped or connected drives to load malware, deleted evidence, and forced machines to dispense cash; the stolen proceeds were split and laundered. The Justice Department has charged 87 TdA members in related cases over the past six months.

Authorities Identify Black Basta Members, Leader Listed

🚨 Ukrainian and German authorities have identified two Ukrainians allegedly working for the Russia-linked ransomware-as-a-service group Black Basta, while the group's suspected leader, 35-year-old Russian national Oleg Evgenievich Nefedov, has been added to the EU Most Wanted and INTERPOL Red Notice lists. Investigators say the suspects acted as "hash crackers," extracting credentials used to breach corporate networks and deploy ransomware. Searches in Ivano-Frankivsk and Lviv yielded digital storage devices and cryptocurrency assets. Black Basta emerged in April 2022 and is linked to attacks on more than 500 organizations and hundreds of millions in illicit cryptocurrency profits.

Black Basta leader added to Europol and Interpol lists

🚨 German and Ukrainian authorities have identified Oleg Evgenievich Nefedov as the leader of the Black Basta ransomware group and added him to Europol's 'Most Wanted' and Interpol's 'Red Notice' lists. Raids in the Ivano-Frankivsk and Lviv regions targeted two alleged members who specialized in initial access, hash cracking and privilege escalation, and yielded seized digital storage and cryptocurrency assets. Black Basta, linked to the defunct Conti syndicate, has been tied to more than 600 incidents worldwide affecting major organizations.

International Takedown of RedVDS Cybercrime Service

🛡️ International law enforcement, together with Microsoft, dismantled the RedVDS cybercrime service after seizing servers hosted in Germany. Authorities from Germany, the United States and the United Kingdom, confirmed by the ZIT and the State Criminal Police Office of Brandenburg, say the platform enabled large-scale phishing and boss‑scam frauds. Microsoft reports $40 million in US losses over seven months and highlights prolific phishing volumes from rented virtual machines. No arrests have been reported; suspects are believed to be located in an unspecified Middle Eastern country.