All news with #law enforcement action tag
Thu, November 20, 2025
Photocall IPTV Piracy Platform with 26M Users Shut Down
🛑 Photocall, a major illicit TV streaming platform serving over 26 million annual visitors, has ceased operations following a joint investigation and settlement with ACE and DAZN. The site provided unauthorized access to 1,127 channels across 60 countries, including live sports such as MotoGP and Formula 1, as well as Serie A, NFL, NHL and club channels. Operators agreed to transfer all domains to ACE, which now redirects them to its Watch Legally portal. Visitor data showed nearly 30% of traffic from Spain, with significant audiences in Mexico, Germany, Italy and the United States.
Thu, November 20, 2025
ThreatsDay: 0-Days, LinkedIn Spying, IoT Flaws, Crypto
🛡️ This week's ThreatsDay Bulletin highlights a surge in espionage, zero-day exploits, and organized crypto laundering across multiple countries. MI5 warned that Chinese operatives are using LinkedIn profiles and fake recruiters to target lawmakers and staff, while researchers disclosed critical flaws like a pre-auth RCE in Oracle Identity Manager and a resource-exhaustion bug in the Shelly Pro 4PM relay. The bulletin also details malicious browser extensions, new macOS stealer NovaStealer, high-profile arrests and sanctions, and continued pressure on crypto-mixing services. Patch, update, and verify identities to reduce exposure.
Thu, November 20, 2025
Samourai Cryptomixer Founders Sent to Prison in U.S. Case
🔒 The founders of the Samourai Wallet crypto-mixing service, CEO Keonne Rodriguez and CTO William Lonergan Hill, were sentenced after pleading guilty to operating an unlicensed money-transmitting business and laundering funds. Rodriguez received five years and Hill four years in prison, plus fines and three years of supervised release. Authorities seized servers and domains, removed the mobile app, and secured forfeiture of $237,832,360.55 linked to illicit transactions.
Thu, November 20, 2025
UK, US and Allies Sanction Russian Bulletproof Hosters
🔒 Western allies have announced coordinated sanctions targeting three bulletproof hosting providers — Media Land, ML.Cloud and Aeza Group — and four associated Russian executives, including Alexander Volosovik (aka Yalishanda). The measures, backed by the UK, US and Australia, also named UK-registered front Hypercore and aim to seize assets and cut access to legitimate banking channels. Authorities say the hosts supported numerous ransomware and infostealer operations, and Five Eyes nations published guidance to help ISPs and defenders mitigate malicious activity enabled by such services.
Wed, November 19, 2025
US, UK, Australia Sanction Russian Bulletproof Hosts
🔒 The US, UK, and Australia have sanctioned Russian bulletproof hosting provider Media Land and related companies for supporting ransomware gangs such as LockBit, BlackSuit, and Play. Three executives were also designated and assets frozen, while clients and facilitators face secondary sanctions. Five Eyes agencies issued guidance for ISPs to detect and block BPH-enabled abuse.
Wed, November 19, 2025
Europol Disrupts $55M in Crypto Linked to Piracy Ring
🔎 A coordinated Europol-led operation, Intellectual Property Crime Cyber-Patrol Week, targeted online piracy and IP infringement across Europe. Thirty investigators using advanced OSINT methods identified 69 suspect sites, of which 25 illicit IPTV services were referred to crypto service providers and 44 were added to ongoing probes. Authorities traced roughly $55m in cryptocurrency flows tied to those services. The exercise also tested new technologies and reinforced cross-border collaboration among more than 15 countries and private partners.
Wed, November 19, 2025
California Man Pleads Guilty in $25M Crypto Laundering
🔒 Kunal Mehta, a 45-year-old from Irvine, has pleaded guilty to laundering at least $25 million connected to a wider $230 million cryptocurrency theft. Court documents say Mehta served as a money launderer for a transnational ring that used social engineering between October 2023 and March 2025 to access victims' crypto accounts. Prosecutors allege he created multiple shell companies in 2024, routed wire transfers into bank accounts designed to appear legitimate, and typically charged a 10% fee for converting stolen crypto to cash. Investigators say the group employed mixers, peel chains, pass-through wallets, VPNs, and conversions to Monero, though operational mistakes helped link laundered funds back to the theft.
Tue, November 18, 2025
DoorDash Confirms October 2025 Customer Data Breach
🔒 DoorDash has confirmed a data breach in October 2025 that exposed customers' names, phone numbers, physical addresses and email addresses. The company said an employee was targeted in a social engineering scam that allowed unauthorized access, but there is currently no indication the data has been misused. DoorDash stated that sensitive identifiers and payment information were not accessed and that it has engaged an external firm, notified law enforcement, rolled out security enhancements and provided additional staff training.
Tue, November 18, 2025
Stadtwerke Detmold Hit by Hacker Attack, IT Shutdown
🔒 Stadtwerke Detmold has reported a widespread IT outage following an apparent hacker attack that prompted the operator to take all systems offline. Online services are unavailable and the company cannot be reached by phone or email. The utility says the supply of drinking water, electricity, gas and district heating remains assured, and customers can report technical problems via a hotline. Authorities are investigating the incident and, so far, no ransom demand has been reported.
Mon, November 17, 2025
Dutch Police Seize 250 Servers Used by Bulletproof Hosting
🛑 Dutch police seized around 250 physical servers and thousands of virtual machines tied to a bulletproof hosting service that allegedly catered exclusively to cybercriminals. Authorities say the infrastructure has been used since 2022 in more than 80 investigations and facilitated ransomware, botnets, phishing, and distribution of child abuse content. Investigators will perform forensic analysis on the seized systems to identify operators and clients. No arrests have been announced; the provider CrazyRDP has reportedly gone offline after the action.
Mon, November 17, 2025
Europol Removes Thousands of Extremist Gaming Links
🔍 A coordinated action led by the European Union Internet Referral Unit (EU IRU) on 13 November 2025 resulted in the referral of thousands of extremist links found across gaming and gaming-adjacent platforms. Authorities from eight participating countries flagged 5,408 jihadist links, 1,070 violent right‑wing extremist items and 105 racist or xenophobic posts. Investigators noted illicit content on live streams, video libraries, forums and hybrid storefronts, and described how creators repurpose in-game footage with coded language and imagery to evade detection. The initiative aims to reduce public exposure and bolster cross-border cooperation.
Mon, November 17, 2025
Five Plead Guilty to Enabling DPRK Remote IT and Hacks
🔒 Five individuals have pleaded guilty to serving as facilitators for North Korean cyber operations, the US Department of Justice said. They used false or stolen identities and hosted employer laptops in US residences to create the appearance of domestic remote IT workers, aiding APT38-linked efforts. The DoJ said the activity impacted more than 136 US organizations, generated over $2.2m for Pyongyang and compromised the identities of 18 US residents, and authorities seized $15m in Tether tied to related heists.
Sat, November 15, 2025
Five Americans Plead Guilty to Enabling North Korea IT Fraud
⚖️ The U.S. Department of Justice announced that five U.S. citizens pleaded guilty to facilitating North Korea’s illicit IT worker and revenue-generation schemes. The defendants hosted company-issued laptops, supplied or sold U.S. identities, and helped overseas IT workers pass vetting to obtain jobs at American firms. DOJ says the schemes impacted more than 136 U.S. companies, generated over $2.2 million for the DPRK, and compromised the identities of more than 18 U.S. persons.
Fri, November 14, 2025
Five Plead Guilty Aiding North Korea Infiltrate US Firms
🔒 Five individuals pleaded guilty to facilitating North Korea’s placement of overseas IT workers at U.S. firms using false, stolen, or brokered identities, a scheme that affected 136 companies and generated over $2.2 million for the DPRK. The DOJ also filed civil forfeiture actions to recover more than $15 million in cryptocurrency tied to APT38 thefts that were part of $382 million stolen in 2023. One defendant, Oleksandr Didenko, agreed to forfeit $570,000 in cash and about $830,000 worth of cryptocurrency.
Fri, November 14, 2025
U.S. Launches Strike Force Against Chinese Crypto Scams
🚨 The U.S. Department of Justice, U.S. Attorney's Office, FBI and Secret Service have created the Scam Center Strike Force to disrupt Chinese-operated cryptocurrency scam networks that reportedly steal nearly $10 billion from Americans annually. The team focuses on tracing illicit funds, seizing cryptocurrency and coordinating international partners to dismantle scam infrastructure based in Southeast Asia. Authorities say many operations run from criminal compounds where workers are victims of trafficking. More than $401 million in crypto has already been seized and additional forfeiture actions are underway.
Fri, November 14, 2025
DoorDash Discloses October Data Breach Affecting Users
🔔 DoorDash disclosed a data breach discovered on October 25, 2025, after an unauthorized third party gained access to certain user contact information when a DoorDash employee fell victim to a social engineering scam. Affected information varied by individual and may have included first and last names, physical addresses, phone numbers, and email addresses. DoorDash says no Social Security Numbers or other highly sensitive data were accessed, and the company engaged a forensic firm, notified law enforcement, and deployed additional security measures. Initial notifications appear focused on Canada, though the advisory suggests the incident could affect users in other regions.
Thu, November 13, 2025
Google Sues to Disrupt China-Based SMS Phishing Operation
📱 Google has filed suit in the Southern District of New York to unmask and disrupt 25 unnamed operators tied to Lighthouse, a China-based phishing kit that has victimized over one million people across 120 countries. The complaint alleges Lighthouse powers a “Smishing Triad” that spoofs trusted brands, blasts mass text lures, and automates enrollment of stolen cards into mobile wallets using one-time verification codes. Google asserts trademark infringement and RICO claims and seeks to dismantle the coordinated groups behind the service.
Thu, November 13, 2025
Operation Endgame 3.0 Disrupts Three Major Malware Networks
🔒 Operation Endgame 3.0 targeted and dismantled infrastructure supporting three prominent malware families — Rhadamanthys, VenomRAT and the Elysium botnet — in coordinated actions carried out between 10 and 13 November. Authorities disrupted or seized more than 1,025 servers and 20 domains, searched 11 locations across multiple countries and arrested a suspected VenomRAT operator in Greece. The initiative was led by Europol with Eurojust, national law enforcement partners and over 30 private cybersecurity organizations.
Thu, November 13, 2025
Operation Endgame Takedown Disrupts Major Malware Campaign
🛡️ Investigators disrupted the infrastructure for the Rhadamanthys credential stealer and targeted the VenomRAT remote‑access trojan as part of Operation Endgame. Authorities secured data linked to more than 650,000 victims and published it on information platforms so people can verify exposure. A suspect was arrested in Greece, 11 premises were searched and over $200 million in cryptocurrency assets were frozen.
Thu, November 13, 2025
Operation Endgame Disrupts Multiple Malware Networks
🛡️ A coordinated law enforcement operation led by Europol and Eurojust between November 10 and 13, 2025, disrupted major malware infrastructures, including Rhadamanthys Stealer, Venom RAT, and an Elysium botnet. Authorities seized 20 domains, took down more than 1,025 servers and arrested a primary suspect in Greece on November 3. Europol said the dismantled networks encompassed hundreds of thousands of infected machines and several million stolen credentials, and that the infostealer operator had access to roughly 100,000 cryptocurrency wallets.