All news with #law enforcement action tag
Wed, August 27, 2025
CISA Leads Real-Time Response to Nevada Cyberattack
🔒 CISA and public- and private-sector partners are assisting Nevada following an August 24 cyber attack, focusing on restoring networks that support lifesaving and critical services. At the state's request, CISA Threat Hunting teams are actively examining systems to determine the full scope of impact and mitigate threats. The agency also advised on FEMA emergency response grants, and the FBI is supporting the investigation.
Tue, August 26, 2025
DSLRoot Proxies: Origins, Abuse Risks and 'Legal Botnets'
🔌 The article profiles DSLRoot, a long-running residential proxy operator that pays U.S. residents to host laptops and mobile devices and then leases those IPs as dedicated proxies. It traces the service's origins on underground forums and links multiple aliases, domains and registration records to a small network operator. The piece highlights technical risks, including vendor-targeted exploits, remote device control and WiFi enumeration, and warns of potential misuse by nation-state actors and criminal groups.
Tue, August 26, 2025
Alleged Mastermind Behind K-Pop Stock Heist Extradited
🔒 South Korean authorities have extradited a 34-year-old suspect from Thailand, accused of masterminding a coordinated campaign that siphoned millions in stocks from celebrities, including Jung Kook. Investigators say the group stole personal data from Korean telecom firms, used it to assume victims' identities and opened brokerage accounts between August 2023 and January 2024. With assistance from Interpol and Thai authorities, officials tracked and arrested the suspect, who has admitted some allegations while denying others.
Tue, August 26, 2025
Maryland Transit Authority Confirms Cyber Incident
🚨 The Maryland Transit Administration (MTA) reported on August 24 that it is investigating a cyber incident involving unauthorized access to specific systems. Most core services, including Local Bus, Metro Subway, Light Rail, MARC and Commuter Bus, remain on schedule, but some functions are disrupted. Affected services include Mobility Paratransit new bookings and rescheduling, MTA real-time updates and call center support, and Baltimore Metro elevator phones, and the agency is working with the Maryland Department of Information Technology, third-party cybersecurity experts and law enforcement to investigate and remediate the issue.
Tue, August 26, 2025
CIISec: Majority of Security Pros Back Stricter Rules
🔒 A new CIISec survey finds 69% of security professionals believe current cybersecurity laws are insufficient. The annual State of the Security Profession report, compiled from CIISec members and the wider community, highlights a regulatory focus driven by recent legislation such as DORA, NIS2 and the EU AI Act. Respondents assign breach responsibility mainly to boards (91%), and indicate increasing support for senior management sanctions. CIISec's CEO urges improved collaboration, regulation literacy and clearer risk communication.
Mon, August 25, 2025
Chinese Developer Jailed for Deploying Malicious Code
⚖️ A software developer was sentenced to four years in prison after deploying malicious code inside his US employer's network, the Department of Justice said. The defendant, identified as Davis Lu, introduced infinite-loop logic, deleted coworker profile files and implemented a credential-dependent kill-switch that locked out thousands of users in September 2019. The sabotage followed a corporate realignment that reduced his access; investigators found deleted encrypted data and internet searches showing intent to escalate privileges and rapidly delete files while obstructing remediation.
Mon, August 25, 2025
Yemen Cyber Army Hacker Jailed for Massive Data Theft
🔒 A 26-year-old man, Al-Tahery Al-Mashriky, has been jailed after UK National Crime Agency investigators linked him to the Yemen Cyber Army and uncovered evidence of widespread website breaches. Arrested in August 2022 in Rotherham, he defaced and compromised sites across North America, Yemen and Israel, including government and faith organisations. Forensically seized devices contained personal data, account credentials and other files that could facilitate fraud; he pleaded guilty and was sentenced to 20 months in prison.
Fri, August 22, 2025
Fortinet Supports INTERPOL in Operation Serengeti 2.0
🛡️ Fortinet supported INTERPOL’s Operation Serengeti 2.0 by providing preemptive threat intelligence—IOCs, command-and-control data, and forensic insights—that helped plan and execute cross-border takedowns. Conducted June–August 2025 with 18 African nations and nine private partners, the operation led to 1,209 arrests, dismantling of 11,432 malicious infrastructures, and recovery of $97.4 million. Fortinet also contributed investigator training and capacity building to sustain disruption efforts.
Fri, August 22, 2025
Europol: Telegram Post Claiming $50,000 Qilin Bounty Is Fake
🔍 Europol has confirmed that a circulated Telegram post claiming a reward of up to $50,000 for information on senior Qilin ransomware operators is false. The message originated on a newly created channel (@europolcti) rather than on Europol's official accounts and was amplified by security outlets after being copied. The bogus announcement named alleged aliases "Haise" and "XORacle", and the channel poster later boasted about fooling researchers and journalists. Europol stressed that Qilin remains a significant threat, previously linked to an attack on a UK NHS provider with severe consequences.
Fri, August 22, 2025
INTERPOL Arrests 1,209 Cybercriminals in Africa Sweep
🔎 INTERPOL coordinated a multi-country crackdown that led to the arrest of 1,209 suspected cybercriminals across 18 African nations, targeting schemes that affected roughly 88,000 victims. The operation, the second phase of Operation Serengeti carried out between June and August 2025, recovered about $97.4 million and dismantled 11,432 malicious infrastructures. Private-sector partners including Group-IB and TRM Labs contributed intelligence on cryptocurrency fraud and ransomware links.
Thu, August 21, 2025
Scattered Spider Member Sentenced to 10 Years in US
🔒 Noah Michael Urban, a 20-year-old member of the Scattered Spider cybercrime gang, was sentenced to 120 months in federal prison after pleading guilty to wire fraud and aggravated identity theft in April 2025. The court also ordered $13 million in restitution and three years of supervised release; Urban called the sentence unjust. Prosecutors say Urban and co-conspirators used SIM swapping and social engineering between August 2022 and March 2023 to steal at least $800,000 and hijack cryptocurrency accounts. His case is part of broader DoJ actions against Scattered Spider as the group forges alliances with other criminal collectives.
Thu, August 21, 2025
SIM-Swapper Scattered Spider Hacker Sentenced 10 Years
🔒 A 20-year-old Florida man, Noah Michael Urban, was sentenced to 10 years in federal prison and ordered to pay about $13 million in restitution after pleading guilty to wire fraud and conspiracy. Prosecutors say Urban acted with members of Scattered Spider, using SIM-swapping and SMS phishing to divert calls and one-time codes and to phish employees into fake Okta pages. The campaign compromised access at more than 130 firms and enabled thefts of proprietary data and millions in cryptocurrency.
Wed, August 20, 2025
Smashing Security Podcast 431: Cloud Bill Fraud & EDR Risks
🛡️ In episode 431 of the Smashing Security podcast, Graham Cluley and guest Allan Liska examine a high-profile cloud-billing fraud in which a crypto influencer calling himself CP3O racked up millions in unpaid cloud costs through cryptomining schemes. They also highlight the growing threat of EDR‑killer tools that can silently disable endpoint protection to aid attackers. The show includes lighter segments on the Internet Archive’s Wayforward Machine and a visit to Mary Shelley’s grave, and carries a content warning for mature language and themes.
Tue, August 19, 2025
Oregon Man Charged Over Rapper Bot DDoS Service Probe
🔒 Federal agents arrested 22‑year‑old Ethan J. Foltz of Springfield, Ore., on Aug. 6, 2025, on suspicion of operating Rapper Bot, a global IoT botnet rented to extortionists for DDoS attacks. The complaint alleges Rapper Bot routinely generated attacks exceeding 2 terabits per second and at times surpassed 6 Tbps, including an attack tied to intermittent outages on Twitter/X. Investigators traced control infrastructure and payments through an ISP subpoena, PayPal records and Google data, recovered Telegram chats with a co‑conspirator known as 'Slaykings,' and say Foltz wiped logs regularly to hinder attribution. He faces one count of aiding and abetting computer intrusions, carrying a maximum statutory term of 10 years.
Tue, August 19, 2025
Dutch prosecution hack disables multiple speed cameras
⚠️ The Netherlands' Public Prosecution Service (Openbaar Ministerie) disconnected its networks on July 17 after suspecting attackers had exploited Citrix device vulnerabilities, leaving several fixed, average and portable speed cameras unable to record offences. Internal email remained available, but external communications and documents required printing and postal delivery. Regulators including the National Cybersecurity Centre were informed, and prosecutors warned that ongoing downtime will delay cases and hamper road-safety enforcement while systems remain offline.
Fri, August 15, 2025
Mobile Phishers Target Brokerage Accounts in Ramp-and-Dump
📈 Cybercriminals selling advanced mobile phishing kits have shifted from converting stolen cards into mobile wallets to hijacking brokerage accounts for a coordinated ramp and dump scheme that inflates and then collapses foreign and penny stock prices. Vendors such as Outsider (aka Chenlun) offer templates that spoof brokers via iMessage and RCS to harvest logins and SMS one-time codes. Operators use banks of phones and human handlers to preposition, trade, and liquidate positions, leaving victims with worthless shares while brokers and regulators contend with the fallout.
Tue, August 12, 2025
US Seizes $1.09M in Bitcoin From BlackSuit Gang Takedown
💰 The US Department of Justice announced it seized US $1,091,453 in cryptocurrency linked to the Russian-operated BlackSuit ransomware group following an international takedown of servers, domains and the gang's dark web extortion site. The recovered funds derive from a 49.3120227 Bitcoin ransom payment on or about April 4, 2023; that payment was originally worth US $1,445,454.86. Law enforcement partners in the United States, United Kingdom, Canada, Germany, Ireland and France collaborated on the operation that seized four servers and nine domains on July 24, and the frozen funds were identified after repeated deposits and withdrawals that ended with an exchange freeze in January 2024.
Fri, August 8, 2025
KrebsOnSecurity Featured in HBO Max 'Most Wanted' Series
📰 The HBO Max documentary Most Wanted: Teen Hacker features interviews with Brian Krebs and examines the criminal trajectory of Julius Kivimäki, a Finnish hacker convicted for extensive data breaches and later mass extortion. The four-part series traces his early role in the Lizard Squad, high-profile DDoS attacks, swatting incidents, and the Vastaamo psychotherapy breach and patient extortion. Directed by Sami Kieski and co-written by Joni Soila, episodes will stream weekly on Fridays throughout September.
Wed, August 6, 2025
Ransomware Forces German Insurance Firm into Bankruptcy
⚠ A ransomware attack attributed to the Royal group forced German insurer Einhaus Gruppe into insolvency after encrypted systems and locked servers halted operations. The spring 2023 incident left printers displaying a takeover message, prevented staff from accessing critical data, and caused a mid-seven-figure business disruption. Einhaus paid a ransom of roughly US $230,000, but prosecutors later seized cryptocurrency allegedly tied to the perpetrators, and the withheld funds impeded restructuring efforts and helped drive the company into bankruptcy.
Wed, August 6, 2025
Arrest in Raid on XSS Forum: Who Was Detained and Why
🔍 Europol and Ukrainian authorities announced the arrest of a 38-year-old suspect tied to the Russian-language XSS crime forum after a July 22, 2025 operation led by French investigators. Authorities say the detainee served as a trusted third party, arbitrating disputes and assuring transaction security for members linked to multiple ransomware groups. Reporting traces forum activity and multiple domain registrations tied to the handle 'Toha', but the investigation suggests the arrested man is likely Anton Medvedovskiy rather than alternate identities circulated online. The takedown yielded Jabber server logs and forum backups, prompting a wary, contested relaunch.