law enforcement | Breaking Cybersecurity News | The Hacker News

Belgian and Dutch authorities have arrested eight suspects in connection with a "phone phishing" gang that primarily operated out of the Netherlands with an aim to steal victims' financial data and funds. As part of the international operation, law enforcement agencies carried out 17 searches in different locations in Belgium and the Netherlands, Europol said. In addition, large amounts of cash, firearm, as well as electronic devices, luxury watches, and jewelry have been seized. "Besides committing large-scale 'phishing' campaigns and trying to gain access to financial data by phone or online, the suspects also pretended to be police or banking staff and approached older victims at their doors," the agency said . The cybercrime operation involved sending phishing messages via email, SMS, and WhatsApp, urging recipients to click on a link that captured the credentials and other information. In other instances, victims were approached by the crimina...

Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects. More than 200 terabytes of digital evidence have been collected. In addition, over 80 data storage devices, cell phones, computers, as well as cash and crypto assets worth more than €63,000 ($66,500) have been confiscated. Manson Market ("manson-market[.]pw") is believed to have launched in 2022 as a way to peddle sensitive information that was illegally obtained from victims as part of phishing and vishing (voice phishing) schemes. One such criminal activity involved calling victims under the guise of bank employees to trick them into revealing their addresses and security answers. In another instance, a network of fake online shops was employed to deceive visitors into entering th...

CrowdStrike is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time, positioned highest on Ability to Execute and furthest to the right on Completeness of Vision.

Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that's created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower , comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convicted for the murder of a Dutch journalist Peter R. de Vries . This allowed authorities to intercept messages being sent via the service for a period of three months, amassing a total of more than 2.3 million messages in 33 languages. The messages, Europol said, are associated with serious crimes such as international drug trafficking, arms trafficking, and money laundering.  It's worth noting at this stage that MATRIX is different from the open-source, decentralized messaging app of the same name ("matrix[.]org"). Also known by other names such as Mactrix, Totalsec, X-quantum...

A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies. The coordinated exercise saw the participation of authorities from 40 countries, territories, and regions as part of the latest wave of Operation HAECHI-V , which took place between July and November 2024, INTERPOL said. "The effects of cyber-enabled crime can be devastating – people losing their life savings, businesses crippled, and trust in digital and financial systems undermined," INTERPOL Secretary General Valdecy Urquiza said in a statement. "The borderless nature of cybercrime means international police cooperation is essential, and the success of this operation supported by INTERPOL shows what results can be achieved when countries work together. It's only through united efforts that we can make the real and digital worlds safer." As part of H...

A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key. "At present, the investigator has collected sufficient evidence, the criminal case with the indictment signed by the prosecutor has been sent to the Central District Court of the city of Kaliningrad for consideration on the merits," the Russian Ministry of Internal Affairs said in a statement. Matveev has been charged under Part 1 of Article 273 of the Criminal Code of the Russian Federation, which relates to the creation, use, and distribution of computer programs that can cause "destruction, blocking, modification or copying of computer information." He was previously charged and ...

An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent. Dubbed Serengeti , the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware, business email compromise (BEC), digital extortion, and online scams. The participating nations in the operation were Algeria, Angola, Benin, Cameroon, Côte d'Ivoire, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Mauritius, Mozambique, Nigeria, Rwanda, Senegal, South Africa, Tanzania, Tunisia, Zambia, and Zimbabwe. These activities, which ranged from online credit card fraud and Ponzi schemes to investment and multi-level marketing scams, victimized more than 35,000 people, leading to financial losses nearly amounting to $193 million across the world. In connection with the $6 million online Ponzi ...

The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed money-transmitting business earlier this March. The U.S. Department of Justice (DoJ) described Bitcoin Fog as the darknet's longest-running cryptocurrency mixer , allowing cybercriminals to conceal the source of their cryptocurrency proceeds. "Over the course of its decade-long operation, Bitcoin Fog gained notoriety as a go-to money laundering service for criminals seeking to hide their illicit proceeds from law enforcement and processed transactions involving over 1.2 million bitcoin, valued at approximately $400 million at the time the transactions occurred," the DoJ said . "The bulk of this cryptocurrency came from darknet marketplaces and was tied ...

INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation. Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure. "Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59 servers were seized," INTERPOL said . "Additionally, 43 electronic devices, including laptops, mobile phones and hard disks were seized." The actions also led to the arrest of 41 individuals, with 65 others still under investigation. Some of the other key outcomes across countries are listed below - Takedown of more than 1,037 servers by Hong Kong police Seizure of a server and the identification of 93 individuals with links to illegal cyber activities in Mongolia Disruption of 291 servers in Macau Identification of 11 individuals with links to malicious servers and...

Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the U.S. The development was first reported by Bloomberg and corroborated by 404 Media . The exact nature of the charges against Moucka is currently not known. In June 2024, Snowflake disclosed that a "limited number" of its customers were targeted as part of a targeted campaign. Later, Google-owned Mandiant attributed it to a financially motivated threat group called UNC5537. "UNC5537 comprises members based in North America, and collaborates with an additional member in Turkey," the company assessed with moderate confidence at the time, adding approximately 16...

German law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks. "The platform made such DDoS attacks accessible to a wide range of users, even those without any in-depth technical skills of their own," the Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said . "The use of stresser services to carry out DDoS attacks has recently become increasingly known in the context of police investigations." The BKA described dstat[.]cc as a platform that offered recommendations and evaluations of stresser services in order to conduct DDoS attacks against websites of interest and render them unresponsive. According to an alert published by Radware in January 2023, dstat[.]cc offered botnet owners the ability to assess the capacity and capabilities of their DDoS attack services. "Bot herders use DStat sites ...

The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer . The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus that involved authorities from the U.S., the U.K., Belgium, Portugal, and Australia. Eurojust, in a statement published today, said the operation led to the shut down of three servers in the Netherlands and the confiscation of two domains (fivto[.]online and spasshik[.]xyz). In total, over 1,200 servers in dozens of countries are estimated to have been used to run the malware. As part of the efforts, one administrator has been charged by the U.S. authorities and two people have been arrested by the Belgian police, the Politie said , adding one of them has since been released, while the other remains in custody. The U.S. Department of Justice (DoJ) has charge...

Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges. Russian news publication Kommersant reported that a court in St. Petersburg found Artem Zaets, Alexei Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov guilty of illegal circulation of means of payment. Puzyrevsky and Khansvyarov have also been found guilty of using and distributing malware. To that end, Zaets and Malozemov were sentenced to 4.5 and 5 years in prison. Khansvyarov and Puzyrevsky received a jail term of 5.5 and 6 years, respectively. The four individuals are part of a group of 14 people who were initially detained in connection with the case. As reported by TASS back in January 2022, eight of them were charged by the court for their malicious activities. The remaining four members, Andrei Bessonov, Mikhail Golovach...

Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft's services in June 2023. The attacks, which were facilitated by Anonymous Sudan's "powerful DDoS tool," singled out critical infrastructure, corporate networks, and government agencies in the United States and around the world, the U.S. Department of Justice (DoJ) said. Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, have been charged with one count of conspiracy to damage protected computers. Ahmed Salah has also been charged with three counts of damaging protected computers. If convicted on all charges, Ahmed Salah faces a statutory maximum sentence of life in federal prison, while Alaa Salah faces a maximum sentence of five years in federal prison. The DDoS tool is said to have been disabled in March 2024, the same...

The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action – codenamed Operation Token Mirrors – is the result of the U.S. Federal Bureau of Investigation (FBI) taking the "unprecedented step" of creating its own cryptocurrency token and company called NexFundAI . NexFundAI, as per information on the website, was marketed as redefining the "intersection between finance and artificial intelligence" and that its aim was to "create a cryptocurrency token that not only serves as a secure store of value but also acts as a catalyst for positive change in the world of AI." "Three market makers — ZM Quant, CLS Global, and MyTrade — along with their employees are charged with allegedly wash trading and/or conspiring to wash trade on behalf of NexFundAI, a cryptocurrency co...

The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said. The marketplace discontinued its operations in late 2023 following reports of service disruptions and exit scams after one of its developers allegedly went rogue in what was characterized by one of the administrators as a "shameful and disgruntled set of events." Bohemia is said to have served 82,000 ads worldwide every day, with about 67,000 transactions taking place each month. In September 2023 alone, the estimated turnover was €12 million. "Some of the sellers in the market advertised shipping from the Netherlands," the Politie said . "An initial analysis shows that at least 14...

INTERPOL has announced the arrest of eight individuals in Côte d'Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said. One such threat involved a large-scale phishing scam targeting Swiss citizens that resulted in financial losses to the tune of more than $1.4 million. The cybercriminals posed as buyers on small advertising websites and used QR codes to direct victims to fraudulent websites that mimicked a legitimate payment platform. This allowed victims to inadvertently enter personal information such as their credentials or card numbers. The perpetrators also impersonated the unnamed platform's customer service agents over the phone to further deceive them. As many as 260 scam reports are said to have been received by Swiss authorities between August 2023 and April 2024, prompting a collaborative investigation that ...

A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside of Russia, two individuals in the U.K. who allegedly supported an affiliate, and an administrator of a bulletproof hosting service in Spain used by the ransomware group, Europol said in a statement. In conjunction, authorities outed a Russian national named Aleksandr Ryzhenkov (aka Beverley, Corbyn_Dallas, G, Guester, and Kotosel) as one of the high-ranking members of the Evil Corp cybercrime group, while simultaneously painting him as a LockBit affiliate. Sanctions have also been announced against seven individuals and two entities linked to the e-crime gang. "The United States, in close coordination with our allies and part...

The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment, Microsoft said. "Storm-0501 is a financially motivated cybercriminal group that uses commodity and open-source tools to conduct ransomware operations," according to the tech giant's threat intelligence team. Active since 2021, the threat actor has a history of targeting education entities with Sabbath (54bb47h) ransomware before evolving into a ransomware-as-a-service ( RaaS ) affiliate delivering various ransomware payloads over the years, including Hive, BlackCat (ALPHV), Hunters International, LockBit, and Embargo ransomware. A n...