All news with #law enforcement action tag

Mon, November 24, 2025

Operation Endgame 3.0 Disrupts Rhadamanthys Infostealer

🔒 Operation Endgame 3.0, coordinated by Europol with over 30 national and private partners, dismantled more than 1,000 servers and seized 20 domains tied to the Rhadamanthys infostealer, VenomRAT and the Elysium botnet. Authorities say the disrupted infrastructure harboured hundreds of thousands of infected computers and millions of stolen credentials, with the Rhadamanthys operator allegedly accessing over 100,000 crypto wallets. The action included 11 searches and at least one arrest; users are advised to check accounts via national breach-check services or HaveIBeenPwned and to maintain strong defences as criminals can rebuild.

Sat, November 22, 2025

CrowdStrike Fires Insider Allegedly Sharing Internal Data

🔒 CrowdStrike said it fired a “suspicious insider” after screenshots of company resources—including an Okta dashboard for internal access—appeared in a public Telegram channel run by Scattered Lapsus$ Hunters. The hackers claimed the material came from a Salesforce-ecosystem breach involving vendor Gainsight, a claim CrowdStrike denied. The company told TechCrunch investigators the images were produced when an employee shared pictures of their screen externally, that its systems were not compromised, and that customers remained protected. CrowdStrike has referred the matter to law enforcement.

Fri, November 21, 2025

CrowdStrike Insider Shared Screenshots with Hackers

🔒 CrowdStrike confirmed that an insider shared screenshots taken on internal systems with external threat actors but stressed that its systems were not breached and customer data remained protected. The company said it identified and terminated the suspicious employee after an internal investigation and has referred the matter to law enforcement. CrowdStrike declined to name the responsible group or the insider's motives, while screenshots surfaced on Telegram attributed to several extortion-focused collectives.

Fri, November 21, 2025

Scattered Spider Teens Plead Not Guilty in TfL Hack

🔒 Two British teenagers, identified by authorities as suspected members of the Scattered Spider collective, have pleaded not guilty to computer misuse and fraud-related charges at Southwark Crown Court. The charges stem from an August 2024 breach of Transport for London (TfL) that disrupted online services, caused millions in losses, and later was found to have exposed customer names, addresses, and contact details. Arrested in September 2024 by the NCA and City of London Police, the defendants face additional alleged conspiracies involving US healthcare networks and separate counts tied to seized passwords.

Fri, November 21, 2025

Music Store's Google Ads Account Hijacked, €4M Loss

🔒 The Google Ads account for Cologne-based retailer Music Store was reportedly taken over by attackers on 19 October 2025. Criminals have linked more than 2,500 foreign advertising accounts to the company’s payment profile and are running persistent campaigns promoting online casinos and crypto exchanges that administrators cannot remove. The assigned Google account manager has reportedly been unable to stop the activity, and formal attempts to get intervention via official channels have so far failed. Police cybercrime investigators and consumer protection authorities have been notified, and reported losses exceed €4 million.

Thu, November 20, 2025

Photocall IPTV Piracy Platform with 26M Users Shut Down

🛑 Photocall, a major illicit TV streaming platform serving over 26 million annual visitors, has ceased operations following a joint investigation and settlement with ACE and DAZN. The site provided unauthorized access to 1,127 channels across 60 countries, including live sports such as MotoGP and Formula 1, as well as Serie A, NFL, NHL and club channels. Operators agreed to transfer all domains to ACE, which now redirects them to its Watch Legally portal. Visitor data showed nearly 30% of traffic from Spain, with significant audiences in Mexico, Germany, Italy and the United States.

Thu, November 20, 2025

ThreatsDay: 0-Days, LinkedIn Spying, IoT Flaws, Crypto

🛡️ This week's ThreatsDay Bulletin highlights a surge in espionage, zero-day exploits, and organized crypto laundering across multiple countries. MI5 warned that Chinese operatives are using LinkedIn profiles and fake recruiters to target lawmakers and staff, while researchers disclosed critical flaws like a pre-auth RCE in Oracle Identity Manager and a resource-exhaustion bug in the Shelly Pro 4PM relay. The bulletin also details malicious browser extensions, new macOS stealer NovaStealer, high-profile arrests and sanctions, and continued pressure on crypto-mixing services. Patch, update, and verify identities to reduce exposure.

Thu, November 20, 2025

Samourai Cryptomixer Founders Sent to Prison in U.S. Case

🔒 The founders of the Samourai Wallet crypto-mixing service, CEO Keonne Rodriguez and CTO William Lonergan Hill, were sentenced after pleading guilty to operating an unlicensed money-transmitting business and laundering funds. Rodriguez received five years and Hill four years in prison, plus fines and three years of supervised release. Authorities seized servers and domains, removed the mobile app, and secured forfeiture of $237,832,360.55 linked to illicit transactions.

Thu, November 20, 2025

UK, US and Allies Sanction Russian Bulletproof Hosters

🔒 Western allies have announced coordinated sanctions targeting three bulletproof hosting providers — Media Land, ML.Cloud and Aeza Group — and four associated Russian executives, including Alexander Volosovik (aka Yalishanda). The measures, backed by the UK, US and Australia, also named UK-registered front Hypercore and aim to seize assets and cut access to legitimate banking channels. Authorities say the hosts supported numerous ransomware and infostealer operations, and Five Eyes nations published guidance to help ISPs and defenders mitigate malicious activity enabled by such services.

Wed, November 19, 2025

US, UK, Australia Sanction Russian Bulletproof Hosts

🔒 The US, UK, and Australia have sanctioned Russian bulletproof hosting provider Media Land and related companies for supporting ransomware gangs such as LockBit, BlackSuit, and Play. Three executives were also designated and assets frozen, while clients and facilitators face secondary sanctions. Five Eyes agencies issued guidance for ISPs to detect and block BPH-enabled abuse.

Wed, November 19, 2025

Europol Disrupts $55M in Crypto Linked to Piracy Ring

🔎 A coordinated Europol-led operation, Intellectual Property Crime Cyber-Patrol Week, targeted online piracy and IP infringement across Europe. Thirty investigators using advanced OSINT methods identified 69 suspect sites, of which 25 illicit IPTV services were referred to crypto service providers and 44 were added to ongoing probes. Authorities traced roughly $55m in cryptocurrency flows tied to those services. The exercise also tested new technologies and reinforced cross-border collaboration among more than 15 countries and private partners.

Wed, November 19, 2025

California Man Pleads Guilty in $25M Crypto Laundering

🔒 Kunal Mehta, a 45-year-old from Irvine, has pleaded guilty to laundering at least $25 million connected to a wider $230 million cryptocurrency theft. Court documents say Mehta served as a money launderer for a transnational ring that used social engineering between October 2023 and March 2025 to access victims' crypto accounts. Prosecutors allege he created multiple shell companies in 2024, routed wire transfers into bank accounts designed to appear legitimate, and typically charged a 10% fee for converting stolen crypto to cash. Investigators say the group employed mixers, peel chains, pass-through wallets, VPNs, and conversions to Monero, though operational mistakes helped link laundered funds back to the theft.

Tue, November 18, 2025

DoorDash Confirms October 2025 Customer Data Breach

🔒 DoorDash has confirmed a data breach in October 2025 that exposed customers' names, phone numbers, physical addresses and email addresses. The company said an employee was targeted in a social engineering scam that allowed unauthorized access, but there is currently no indication the data has been misused. DoorDash stated that sensitive identifiers and payment information were not accessed and that it has engaged an external firm, notified law enforcement, rolled out security enhancements and issued additional staff training.

Tue, November 18, 2025

Stadtwerke Detmold Hit by Hacker Attack, IT Shutdown

🔒 Stadtwerke Detmold has reported a widespread IT outage following an apparent hacker attack that prompted the operator to take all systems offline. Online services are unavailable and the company cannot be reached by phone or email. The utility says the supply of drinking water, electricity, gas and district heating remains assured, and customers can report technical problems via a hotline. Authorities are investigating the incident and, so far, no ransom demand has been reported.

Mon, November 17, 2025

Dutch Police Seize 250 Servers Used by Bulletproof Hosting

🛑 Dutch police seized around 250 physical servers and thousands of virtual machines tied to a bulletproof hosting service that allegedly catered exclusively to cybercriminals. Authorities say the infrastructure has been used since 2022 in more than 80 investigations and facilitated ransomware, botnets, phishing, and distribution of child abuse content. Investigators will perform forensic analysis on the seized systems to identify operators and clients. No arrests have been announced; the provider CrazyRDP has reportedly gone offline after the action.

Mon, November 17, 2025

Europol Removes Thousands of Extremist Gaming Links

🔍 A coordinated action led by the European Union Internet Referral Unit (EU IRU) on 13 November 2025 resulted in the referral of thousands of extremist links found across gaming and gaming-adjacent platforms. Authorities from eight participating countries flagged 5,408 jihadist links, 1,070 violent right‑wing extremist items and 105 racist or xenophobic posts. Investigators noted illicit content on live streams, video libraries, forums and hybrid storefronts, and described how creators repurpose in-game footage with coded language and imagery to evade detection. The initiative aims to reduce public exposure and bolster cross-border cooperation.

Mon, November 17, 2025

Five Plead Guilty to Enabling DPRK Remote IT and Hacks

🔒 Five individuals have pleaded guilty to serving as facilitators for North Korean cyber operations, the US Department of Justice said. They used false or stolen identities and hosted employer laptops in US residences to create the appearance of domestic remote IT workers, aiding APT38-linked efforts. The DoJ said the activity impacted more than 136 US organizations, generated over $2.2m for Pyongyang and compromised the identities of 18 US residents, and authorities seized $15m in Tether tied to related heists.

Sat, November 15, 2025

Five Americans Plead Guilty to Enabling North Korea IT Fraud

⚖️ The U.S. Department of Justice announced five U.S. citizens pleaded guilty for facilitating North Korea’s illicit IT worker and revenue-generation schemes. The defendants hosted company-issued laptops, supplied or sold U.S. identities, and helped overseas IT workers pass vetting to obtain jobs at American firms. DOJ says the schemes impacted more than 136 U.S. companies, generated over $2.2 million for the DPRK, and compromised the identities of more than 18 U.S. persons.

Fri, November 14, 2025

Five Plead Guilty Aiding North Korea Infiltrate US Firms

🔒 Five individuals pleaded guilty to facilitating North Korea’s placement of overseas IT workers at U.S. firms using false, stolen, or brokered identities, a scheme that affected 136 companies and generated over $2.2 million for the DPRK. The DOJ also filed civil forfeiture actions to recover more than $15 million in cryptocurrency tied to APT38 thefts that were part of $382 million stolen in 2023. One defendant, Oleksandr Didenko, agreed to forfeit $570,000 in cash and about $830,000 worth of cryptocurrency.

Fri, November 14, 2025

U.S. Launches Strike Force Against Chinese Crypto Scams

🚨 The U.S. Department of Justice, U.S. Attorney's Office, FBI and Secret Service have created the Scam Center Strike Force to disrupt Chinese-operated cryptocurrency scam networks that reportedly steal nearly $10 billion from Americans annually. The team focuses on tracing illicit funds, seizing cryptocurrency and coordinating international partners to dismantle scam infrastructure based in Southeast Asia. Authorities say many operations run from criminal compounds where workers are victims of trafficking. More than $401 million in crypto has already been seized and additional forfeiture actions are underway.
