
All news with #law enforcement action tag

Fri, August 15, 2025

Mobile Phishers Target Brokerage Accounts in Ramp-and-Dump

📈 Cybercriminals selling advanced mobile phishing kits have shifted from converting stolen cards into mobile wallets to hijacking brokerage accounts for a coordinated ramp and dump scheme that inflates and then collapses foreign and penny stock prices. Vendors such as Outsider (aka Chenlun) offer templates that spoof brokers via iMessage and RCS to harvest logins and SMS one-time codes. Operators use banks of phones and human handlers to preposition, trade, and liquidate positions, leaving victims with worthless shares while brokers and regulators contend with the fallout.


Tue, August 12, 2025

US Seizes $1.09M in Bitcoin From BlackSuit Gang Takedown

💰 The US Department of Justice announced it seized US $1,091,453 in cryptocurrency linked to the Russian-operated BlackSuit ransomware group following an international takedown of servers, domains and the gang's dark web extortion site. The recovered funds derive from a 49.3120227 Bitcoin ransom payment on or about April 4, 2023; that payment was originally worth US $1,445,454.86. Law enforcement partners in the United States, United Kingdom, Canada, Germany, Ireland and France collaborated on the operation that seized four servers and nine domains on July 24, and the frozen funds were identified after repeated deposits and withdrawals that ended with an exchange freeze in January 2024.


Fri, August 8, 2025

KrebsOnSecurity Featured in HBO Max 'Most Wanted' Series

📰 The HBO Max documentary Most Wanted: Teen Hacker features interviews with Brian Krebs and examines the criminal trajectory of Julius Kivimäki, a Finnish hacker convicted for extensive data breaches and later mass extortion. The four-part series traces his early role in the Lizard Squad, high-profile DDoS attacks, swatting incidents, and the Vastaamo psychotherapy breach and patient extortion. Directed by Sami Kieski and co-written by Joni Soila, episodes will stream weekly on Fridays throughout September.


Wed, August 6, 2025

Ransomware Forces German Insurance Firm into Bankruptcy

⚠ A ransomware attack attributed to the Royal group forced German insurer Einhaus Gruppe into insolvency after encrypted systems and locked servers halted operations. The spring 2023 incident left printers displaying a takeover message, prevented staff access to critical data, and generated a mid-seven-figure business disruption. Einhaus paid a ransom of roughly US $230,000, but prosecutors later seized cryptocurrency allegedly tied to the perpetrators, and the withheld funds impeded restructuring efforts and helped drive the company into bankruptcy.


Wed, August 6, 2025

Arrest in Raid on XSS Forum: Who Was Detained and Why

🔍 Europol and Ukrainian authorities announced the arrest of a 38-year-old suspect tied to the Russian-language XSS crime forum after a July 22, 2025 operation led by French investigators. Authorities say the detainee served as a trusted third party, arbitrating disputes and assuring transaction security for members linked to multiple ransomware groups. Reporting traces forum activity and multiple domain registrations tied to the handle 'Toha', but investigation suggests the arrested man is likely Anton Medvedovskiy rather than alternate identities circulated online. The takedown yielded Jabber server logs and forum backups, prompting a wary, contested relaunch.


Tue, August 5, 2025

ESET Threat Report H1 2025: ClickFix and Ransomware

🔍 ESET's H1 2025 Threat Report highlights a sharp rise in manipulative social-engineering techniques, coordinated infostealer takedowns, and aggressive infighting among ransomware groups. Hosts Aryeh Goretsky and Ondrej Kubovič analyze the rapid emergence of ClickFix, including the FakeCaptcha variant that coaxes victims into executing commands. They also summarize law enforcement disruptions of RedLine/Meta Stealer and other services, and recount a brazen “deathmatch” in which the small actor DragonForce defaced and dismantled rival data leak sites.


Tue, August 5, 2025

North Korea’s IT worker scheme infiltrating US firms

🔍 Thousands of North Korean IT workers have used stolen and fabricated US identities to secure roles at Western companies, funneling hundreds of millions of dollars annually to Pyongyang’s military programs. They leverage AI for resumes and cultural coaching, faceswap and VPN tools for video calls, and remote-access setups tied to US-based "laptop farms" run by facilitators who launder paychecks and ship company-issued machines abroad. Recent DOJ raids and the 102-month sentence for Christina Marie Chapman highlight legal, financial and national security risks, including potential sanctions violations.


Fri, August 1, 2025

Tech industry must resist weakening end-to-end encryption

🔐 The UK government's proposal to require access to end-to-end encrypted data—intended to combat terrorism and child sexual abuse—would effectively demand backdoors that major vendors refuse to build. Apple removed Advanced Data Protection for UK users after a non-public notice under the Investigatory Powers Act reportedly sought access, and WhatsApp has supported Apple's stance. The article argues such per-country mandates are technically unenforceable and easily circumvented, creating border chaos and disproportionate privacy harms. ESET recommends preserving strong encryption and using court-backed access mechanisms subject to oversight rather than backdoors.


Thu, July 24, 2025

Phishers Target Aviation Executives, Steal Customer Funds

📧 A targeted phishing campaign compromised an aviation executive’s Microsoft 365 credentials, allowing attackers to mine past invoice conversations and send convincing fake invoice requests to customers. Within hours the fraudsters registered a near‑identical domain and at least one customer paid a six‑figure phony invoice. Investigation links the registration details to a long‑running Nigerian BEC ring identified as SilverTerrier; firms are urged to combine employee training, domain monitoring and rapid use of the Financial Fraud Kill Chain to improve recovery chances.


Thu, July 17, 2025

Google Files Lawsuit to Dismantle BadBox 2.0 Botnet

🔒 Google has filed a lawsuit in New York federal court targeting the operators of the BadBox 2.0 botnet, which compromised over 10 million uncertified devices running the Android Open Source Project. In partnership with HUMAN Security and Trend Micro, Google’s Ad Traffic Quality team identified preinstalled malware used for large-scale ad fraud and other illicit activity. Google updated Play Protect to automatically block BadBox-associated apps and is coordinating with the FBI to further disrupt the criminal operation.


Fri, August 26, 2022

LockBit, Hiveleaks and BlackBasta Drive Ransomware Spike

🚨 Ransomware activity rebounded in July, with NCC Group recording 198 successful campaigns — a 47% increase from June. The surge was led by LockBit 3.0 (62 attacks), followed by Hiveleaks (27) and BlackBasta (24), which showed rapid month‑over‑month growth. Researchers link the fluctuation to restructuring after U.S. pressure on Conti, with affiliates and replacement strains reemerging under new identities.
