All news with #law enforcement action tag

European Police Bust International Crypto Investment Scam

🔍An international cryptocurrency investment and money‑laundering network has been dismantled in Europe after coordinated operations by French, Belgian and Cypriot authorities. Nine suspects were arrested across Cyprus, Germany and Spain between October 27 and 30, and investigators seized roughly €1.6m in cash, bank funds, crypto wallets and luxury items. French prosecutors say the group ran dozens of fake trading platforms and used social media, phone calls and sponsored fake news to target hundreds of victims, laundering at least $700m in crypto proceeds.

European Police Bust €600M Cryptocurrency Investment Fraud

🔎 European authorities arrested nine suspected money launderers tied to a crypto investment fraud ring that stole over €600 million from victims across multiple countries. The coordinated raids on October 27 and 29 in Cyprus, Spain and Germany were led by Eurojust from The Hague. Investigators seized €800,000 in bank accounts, €415,000 in cryptocurrencies and €300,000 in cash. The suspects allegedly used dozens of fake investment platforms and social engineering — including social media ads, cold calls, fake news and celebrity testimonials — to recruit victims and then laundered proceeds using blockchain tools.

Cybersecurity Experts Charged Over BlackCat Ransomware

🔒 Three cybersecurity professionals have been indicted for allegedly operating an ALPHV/BlackCat ransomware affiliate network that attacked at least five U.S. companies between May and November 2023. Prosecutors named former Sygnia incident response manager Ryan Clifford Goldberg and negotiator Kevin Tyler Martin of DigitalMint, accusing them of exfiltrating data, encrypting systems, and demanding cryptocurrency extortion payments. An FBI affidavit describes encrypted dark‑web negotiations, multi‑hop transfers using privacy coins such as Monero, and meticulous spreadsheets that tracked ransoms, receipts, and wallet addresses. Charges include conspiracy to extort and intentional damage to protected computers, with potential forfeiture of crypto assets.

U.S. Prosecutors Indict Three Over BlackCat Ransomware

🔒 Federal prosecutors have indicted three U.S. nationals accused of using BlackCat (ALPHV) ransomware to breach five companies between May and November 2023 and extort payments. The defendants—Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co‑conspirator—allegedly targeted firms in medical devices, pharmaceuticals, clinical care, engineering, and drone manufacturing. Two were employed by cybersecurity firms at the time; both employers say they cooperated with investigators.

Conti Suspect Appears in US Court After Extradition

🔒 A Ukrainian national extradited from Ireland has appeared in a US court, accused of conspiring to deploy Conti ransomware and manage stolen data and ransom notes. Authorities allege Oleksii Lytvynenko participated in attacks between 2020 and July 2022 that resulted in more than $500,000 in cryptocurrency extorted from victims in the Tennessee district and the publication of additional stolen data. He faces computer fraud and wire fraud conspiracy charges and could receive up to 25 years in prison if convicted.

Alleged Jabber Zeus Coder 'MrICQ' Extradited to U.S.

🔒 A Ukrainian man long accused of building and operating components of the Jabber Zeus banking trojan has been arrested in Italy and is now in U.S. custody. Prosecutors say 41-year-old Yuriy Igorevich Rybtsov, previously identified only by the handle MrICQ, was charged in a 2012 Nebraska indictment as a developer and notification handler for the group. Investigators allege Jabber Zeus used a custom ZeuS variant and a Leprechaun component to intercept credentials and bypass multi-factor protections, enabling large payroll thefts via recruited money mules.

Russian Police Arrest Suspected Meduza Stealer Operators

🔒 Russian authorities have arrested three individuals in Moscow accused of creating and operating the Meduza information‑stealing malware. Announced on Telegram by police general Irina Volk, investigators say the group developed and distributed Meduza via hacker forums around two years ago and offered it as a subscription-based service. The tool steals browser-stored credentials and cryptocurrency data and, since December 2023, can resurrect expired Chrome authentication cookies to facilitate account takeover. Authorities opened a criminal case after operators targeted an Astrakhan institution and seized confidential server data.

Ukrainian Extradited from Ireland on Conti Ransomware Charges

🔒 A 43-year-old Ukrainian national, Oleksii Lytvynenko, has been extradited from Ireland to the United States on charges tied to the Conti ransomware operation. U.S. authorities allege he controlled stolen data and participated in sending ransom notes during double-extortion attacks between 2020 and June 2022. Arrested by An Garda Síochána in July 2023, Lytvynenko could face up to 25 years in prison if convicted. Prosecutors say the conspiracy extorted cryptocurrency and targeted victims across multiple jurisdictions.

Nation-state Hackers Breach Ribbon Communications' Network

🔒 In a filing with the SEC, Ribbon Communications disclosed that unauthorized actors, reportedly tied to a nation-state, had access to its IT network, with initial intrusion activity traced as far back as December 2024. The company detected the breach in September 2025, has worked to terminate access, and is collaborating with third-party cybersecurity experts and federal law enforcement. Ribbon says it has not yet found evidence of material corporate data theft, although attackers accessed customer files on two laptops outside the main network.

Ex-L3Harris Executive Pleads Guilty to Selling Exploits

🔒 Peter Williams, a former general manager at L3Harris Trenchant, pleaded guilty in U.S. court to stealing and selling protected cyber-exploit components between 2022 and 2025. Prosecutors say he removed at least eight sensitive trade-secret exploit components intended for exclusive government use and sold them to a broker that works with the Russian government for $1.3 million in cryptocurrency. He now faces up to 10 years in prison and significant fines.

Defense Contractor Pleads Guilty to Selling Zero-Days

🛡️ The former general manager of L3Harris cyber-division Trenchant, Australian national Peter Williams, pleaded guilty in a US district court to stealing and selling zero-day exploit components to a Russian cyber broker. Prosecutors allege he exfiltrated at least eight exploit components via encrypted channels in exchange for millions in cryptocurrency and follow-on support payments. Authorities say the code could be worth tens of millions and that the broker’s clients include the Russian government, creating a national security threat. Williams faces up to 20 years in prison and significant fines.

Support for Dobrindt's Active Cyber Defense Plan in Germany

🛡️ Federal Interior Minister Alexander Dobrindt's proposal for active cyber defense has drawn cross-party, cautious approval as he prepares a legal amendment to counter attacks originating from servers abroad. A ministry spokesperson says the measures would allow intervening steps to stop or mitigate attacks by manipulating or disrupting the IT systems or data traffic used, and stressed this is not about hackback or broad retaliatory strikes. Greens signaled conditional support if the approach follows rule-of-law principles, CDU security figures praised a more proactive stance, and Dobrindt expects to present the amendment to cabinet next year.

Europol Raises Alarm Over Caller ID Spoofing Crisis

🚨 Europol has issued a Position Paper warning of a rising wave of caller ID spoofing, where criminals falsify numbers to impersonate banks, government bodies or relatives. The agency estimates global losses around €850m annually and reports spoofing now underpins roughly 64% of phone- and SMS-related fraud. Europol calls for harmonized technical standards, stronger cross-border cooperation and regulatory convergence to make spoofing harder to perpetrate and easier to investigate.

Louvre Apollo Gallery Jewel Heist Reveals Security Gaps

🔍 The theft at the Louvre—where four thieves used an electric ladder, an angle grinder and seven minutes to remove jewels from the Apollo Gallery—exposed stark security lapses. A single outdoor camera pointed away from the balcony left no interior footage, and guards appeared focused on patrons rather than valuables. Arrests have been reported, but the pieces' likely disassembly will greatly reduce their recoverable value.

Europol Dismantles Network Behind 49 Million Fake Accounts

🔒 Europol, together with police in Estonia, Finland, Latvia and Austria, dismantled a cybercrime-as-a-service network during coordinated raids on October 10. Seven suspects were arrested and authorities seized five servers, some 40,000 active SIM cards, luxury vehicles, bank accounts and crypto wallets. Investigators say the operation created roughly 49 million fake accounts across about 80 countries and used those identities to swindle millions of euros.

SIMCARTEL Takedown: Major SIM-Box Supply Network Bust

🔒 Law enforcement dismantled a criminal SIM-card supply network known as 'SIMCARTEL' following coordinated actions across multiple European countries. The now-defunct service operated a commercial SIM-box platform that let customers rent phone numbers from over 80 countries to create and manage an estimated 49 million fake online accounts used in phishing, fraud and other serious offences. Authorities seized five servers, around 1,200 SIM-box devices (operating ~40,000 SIMs), hundreds of thousands of SIM cards, froze more than $500,000 in bank funds and over $330,000 in crypto, and took down two domain services linked to the operation.

Europol Dismantles International SIM Farm Network; SIMCARTEL

🚨 Europol announced the disruption of a sophisticated cybercrime-as-a-service SIM farm in Operation SIMCARTEL, resulting in seven arrests and 26 searches across multiple countries. Authorities seized 1,200 SIM box devices containing about 40,000 active SIM cards, dismantled five servers and took over two websites, and froze significant cash and cryptocurrency assets. The platform supplied numbers from over 80 countries and is tied to the creation of more than 49 million online accounts used in phishing, smishing, investment fraud and other serious offences.

Europol Dismantles Large SIM-box Service Used for Fraud

🔍 Europol, together with national police units and the Shadowserver Foundation, dismantled an illegal SIM‑box service codenamed SIMCARTEL that rented phone numbers to criminals for creating fraudulent online accounts. The service operated about 1,200 SIM‑box devices with roughly 40,000 active SIM cards and offered numbers tied to individuals in more than 80 countries via seized sites gogetsms.com and apisim.com. Authorities linked the infrastructure to thousands of fraud cases and at least EUR 4.5 million in losses in Austria and EUR 420,000 in Latvia.

Three Dutch Teens Linked to Russian-Associated Hackers

🧑‍💻 Three 17-year-olds in the Netherlands are suspected of providing services to a foreign power after one was found communicating with an unnamed Russian-government-affiliated hacking group. Prosecutors say the linked suspect directed the others to repeatedly map Wi‑Fi networks in The Hague and then sold the collected data to the client's contact for a fee. The investigation, opened after a report from the Military Intelligence and Security Service, led to two arrests on 22 September and seizure of devices from a third minor. An updated Criminal Code effective 15 May 2025 now criminalizes digital espionage, carrying up to eight years' imprisonment (or up to 12 years in the most serious cases).

Prosper Data Breach Exposes Personal Data of 17.6M

🔒 Prosper has confirmed a data breach that may have exposed personal information for approximately 17.6 million customers. The company said unauthorized queries were made against customer and applicant databases and that the activity was shut down and access revoked on September 2. Prosper reported no operational disruptions or evidence of unauthorized account access or fund theft, has notified US law enforcement, and will offer affected customers credit monitoring once the scope is confirmed.