All news with #law enforcement action tag
Fri, November 14, 2025
DoorDash Discloses October Data Breach Affecting Users
🔔 DoorDash disclosed a data breach discovered on October 25, 2025, after an unauthorized third party gained access to certain user contact information when a DoorDash employee fell victim to a social engineering scam. Affected information varied by individual and may have included first and last names, physical addresses, phone numbers, and email addresses. DoorDash says no Social Security Numbers or other highly sensitive data were accessed, and the company engaged a forensic firm, notified law enforcement, and deployed additional security measures. Initial notifications appear focused on Canada, though the advisory suggests the incident could affect users in other regions.
Thu, November 13, 2025
Google Sues to Disrupt China-Based SMS Phishing Operation
📱 Google has filed suit in the Southern District of New York to unmask and disrupt 25 unnamed operators tied to Lighthouse, a China-based phishing kit that has victimized over one million people across 120 countries. The complaint alleges Lighthouse powers a “Smishing Triad” that spoofs trusted brands, blasts mass text lures, and automates enrollment of stolen cards into mobile wallets using one-time verification codes. Google asserts trademark infringement and RICO claims and seeks to dismantle the coordinated groups behind the service.
Thu, November 13, 2025
Operation Endgame 3.0 Disrupts Three Major Malware Networks
🔒 Operation Endgame 3.0 targeted and dismantled infrastructure supporting three prominent malware families — Rhadamanthys, VenomRAT and the Elysium botnet — in coordinated actions carried out between 10 and 13 November. Authorities disrupted or seized more than 1,025 servers and 20 domains, searched 11 locations across multiple countries and arrested a suspected VenomRAT operator in Greece. The initiative was led by Europol with Eurojust, national law enforcement partners and over 30 private cybersecurity organizations.
Thu, November 13, 2025
Operation Endgame Takedown Disrupts Major Malware Campaign
🛡️ Investigators disrupted the infrastructure for the Rhadamanthys credential stealer and targeted the VenomRAT remote‑access trojan as part of Operation Endgame. Authorities secured data linked to more than 650,000 victims and published it on information platforms so people can verify exposure. A suspect was arrested in Greece, 11 premises were searched and over $200 million in cryptocurrency assets were frozen.
Thu, November 13, 2025
Operation Endgame Disrupts Multiple Malware Networks
🛡️ A coordinated law enforcement operation led by Europol and Eurojust between November 10 and 13, 2025 disrupted major malware infrastructures, including Rhadamanthys Stealer, Venom RAT, and an Elysium botnet. Authorities seized 20 domains, took down more than 1,025 servers and arrested a primary suspect in Greece on November 3. Europol said the dismantled networks encompassed hundreds of thousands of infected machines and several million stolen credentials, and that the infostealer operator had access to roughly 100,000 cryptocurrency wallets.
Thu, November 13, 2025
Police Disrupt Rhadamanthys, VenomRAT and Elysium Botnets
🔒 Law enforcement from nine countries disrupted infrastructure used by the Rhadamanthys infostealer, VenomRAT remote access trojan and the Elysium botnet during a phase of Operation Endgame. Coordinated by Europol and Eurojust with private partners, officers seized 20 domains, took down 1,025 servers and executed searches at 11 locations between 10 and 14 November 2025. A key suspect linked to VenomRAT was arrested in Greece, and authorities warn that the dismantled infrastructure contained hundreds of thousands of infected machines and several million stolen credentials, plus access to over 100,000 crypto wallets.
Thu, November 13, 2025
Google Asks US Court to Shut Down Lighthouse Phishing
🛡️ Google has asked a US court to dismantle infrastructure used by the Lighthouse phishing‑as‑a‑service operation after identifying at least 107 sign‑in templates that mimic Google branding. The service is marketed to attackers who send smishing links and host fraudulent sign‑in pages to harvest credentials. Google also urged Congress to consider GUARD, Foreign Robocall Elimination and SCAM bills to bolster enforcement and funding. The company declined additional comment.
Wed, November 12, 2025
Google Sues to Dismantle Lighthouse Phishing Platform
⚖️ Google has filed a lawsuit to dismantle the Lighthouse phishing‑as‑a‑service platform accused of enabling global SMS phishing (“smishing”) that impersonates USPS and toll providers. The company says Lighthouse has impacted more than 1 million victims in 120 countries and that similar scams may have exposed up to 115 million U.S. payment cards between July 2023 and October 2024. Google’s complaint invokes federal racketeering, trademark, and computer fraud laws and seeks to seize the infrastructure hosting fraudulent templates that even mimic Google sign‑in screens.
Wed, November 12, 2025
Google Sues to Dismantle Lighthouse Phishing Platform
🛡️ Google has filed a lawsuit seeking to dismantle Lighthouse, a China-linked phishing-as-a-service platform accused of powering global SMS phishing ("smishing") campaigns that impersonate USPS and E-ZPass. Google says Lighthouse has impacted more than 1 million victims across 120 countries and that phishing templates even display Google's branding to trick users. The company is pursuing federal claims including RICO, the Lanham Act, and the CFAA while expanding AI and product protections.
Wed, November 12, 2025
Legal Boundaries and Risks of Private Hackback Operations
🔒 Former DoJ attorney John Carlin examines hackbacks, defining them as proactive counterattacks that go beyond passive defense. He argues that purely defensive measures that only affect a victim’s systems are generally lawful, while offensive actions that damage or access an attacker’s systems are likely prohibited without government authorization. Carlin recommends oversight and legal clarification to the CFAA and CISA, and urges private actors to proceed with caution.
Wed, November 12, 2025
Initial Access Broker Pleads Guilty in Yanluowang Case
🔒 Aleksey Olegovich Volkov, a 25-year-old Russian accused of acting as an initial access broker, is set to plead guilty in a federal case tied to the Yanluowang ransomware group. Prosecutors say he sold administrator credentials to operators and received over $256,000, while victims paid ransoms up to $1 million. Investigators traced Bitcoin flows to wallets Volkov verified with identity documents, and his plea includes more than $9 million in restitution.
Wed, November 12, 2025
Rhadamanthys infostealer disrupted after server access loss
🔒 The Rhadamanthys infostealer operation has reportedly been disrupted, with multiple customers saying they no longer have SSH access to their web panels. Affected users report servers now require certificate-based logins instead of root passwords, prompting some to wipe and power down infrastructure. Researchers g0njxa and Gi7w0rm observed the outage and noted Tor onion sites for the operation are also offline. The developer and several customers suspect German law enforcement, and some analysts link the event to the broader Operation Endgame disruptions.
Tue, November 11, 2025
Bitcoin Queen Sentenced to Nearly 12 Years for £5.5B Scam
🔒 Zhimin Qian, dubbed the "Bitcoin Queen," was sentenced in London to 11 years and eight months after a seven-year Met Police investigation found she laundered proceeds from a £5.5 billion cryptocurrency investment scheme that defrauded more than 128,000 victims in China between 2014 and 2017. Investigators seized 61,000 Bitcoin — now valued at roughly £5.5 billion — marking the largest crypto seizure in UK history. Two associates received prison terms and authorities confiscated additional assets including wallets, encrypted devices, cash, and gold.
Mon, November 10, 2025
Yanluowang Broker Pleads Guilty to Ransomware Access
🔒 Aleksey Olegovich Volkov, a Russian national who used aliases including chubaka.kor and nets, has agreed to plead guilty to acting as an initial access broker for the Yanluowang ransomware group. Between July 2021 and November 2022 he sold credentials that enabled intrusions at eight U.S. companies and facilitated ransom demands ranging from $300,000 to $15 million. FBI warrants seized server logs, stolen data, chat histories and iCloud records linking Volkov to the scheme and to partial Bitcoin payments. He faces up to 53 years in prison and must pay more than $9.1 million in restitution.
Mon, November 10, 2025
Yanluowang Access Broker Pleads Guilty in Ransomware Case
🔒 A Russian national has pleaded guilty to acting as an initial access broker for the Yanluowang ransomware group, admitting to selling corporate network access used in attacks on at least eight U.S. companies between July 2021 and November 2022. FBI searches of a server tied to the operation recovered chat logs, stolen files, and victim credentials that linked payments and access to the defendant. Investigators traced the suspect through Apple iCloud data, cryptocurrency exchange records, and social media accounts, and blockchain analysis tied portions of ransom payments to addresses he provided. He faces decades in prison and more than $9.1 million in restitution.
Mon, November 10, 2025
NCA Campaign Targets Men Under 45 Over Crypto Scams
🚨 The UK's National Crime Agency (NCA) has launched the "Crypto Dream Scam Nightmare" campaign to warn men under 45 about crypto investment fraud that lures victims with professional sites, apps and romance baiting. The initiative, part of the Home Office's Stop! Think Fraud programme, includes a short video and a 10-tip info sheet to help people recognise and avoid scams. The NCA noted Action Fraud logged over 17,000 investment fraud reports last year.
Thu, November 6, 2025
Hackers Blackmail Massage Parlour Clients in Korea
🔒 South Korean police uncovered a criminal network that used a malicious app to steal customer data from massage parlours and extort clients. The group tricked nine business owners into installing software that exfiltrated names, phone numbers, call logs and text messages, then sent threatening messages claiming to have video footage. About 36 victims paid between 1.5M and 47M KRW, with attempted extortion near 200M KRW. Authorities traced activity to January 2022 across Seoul, Gyeonggi and Daegu and made arrests in August 2023.
Thu, November 6, 2025
DOJ Indicts 31 in High-Tech Rigging of Poker Games
🃏 The Department of Justice has indicted 31 people for using altered shuffling machines and other covert devices to rig high-stakes poker games. The modified shuffling machines read every card and relayed which player would win to off-site conspirators, who then communicated via cellphone to a table “Quarterback” who signaled accomplices. Victims lost tens to hundreds of thousands of dollars, and conspirators also used a chip-tray analyzer, an x-ray table, and special contact lenses or eyeglasses to read cards.
Thu, November 6, 2025
Organized fraud ring abused payment providers, stole €300M
🔍 Authorities across three continents executed coordinated raids and arrests in a probe that uncovered an organized fraud network accused of using stolen credit‑card data to create over 19 million fake subscriptions and siphon more than €300 million. Investigators say suspects exploited vulnerabilities at multiple payment service providers, operated hundreds of sham websites offering porn, dating and streaming services, and used small recurring charges with opaque descriptions to avoid detection. The operation, named Operation Chargeback, was halted in 2021 and is the focus of ongoing international legal assistance.
Thu, November 6, 2025
Smashing Security #442: Clock Hack and Rogue Negotiators
🕒 In episode 442 of Smashing Security, Graham Cluley and guest Dave Bittner examine a state-backed actor that spent two years tunnelling toward a nation's master clock, creating the potential for widespread disruption to time-sensitive systems. They also discuss a disturbing case where ransomware negotiators allegedly turned rogue and carried out their own hacks. The discussion highlights investigative findings, operational impacts, and lessons for defenders tasked with protecting critical infrastructure.