
law enforcement | Breaking Cybersecurity News | The Hacker News

Category — law enforcement
FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites


Feb 11, 2025 Cybercrime / Ransomware
Source: The Nation A coordinated law enforcement operation has taken down the dark web data leak and negotiation sites associated with the 8Base ransomware gang. Visitors to the data leak site are now greeted with a seizure banner that says: "This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor General in Bamberg." The takedown involved the U.K. National Crime Agency (NCA), the U.S. Federal Bureau of Investigation (FBI), Europol, as well as agencies from Bavaria, Belgium, Czechia, France, Germany, Japan, Romania, Spain, Switzerland, and Thailand. Thai media reports have revealed that four European nationals – two men and two women – were arrested across four different locations on Monday as part of an effort codenamed Operation Phobos Aetor. The identities of the suspects were not disclosed. Authorities are said to have seized more than 40 pieces of evidence, including ...
Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023


Feb 06, 2025 Cybercrime / Ransomware
Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023. The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%. "The number of ransomware events increased into H2, but on-chain payments declined, suggesting that more victims were targeted, but fewer paid," the company said. Adding to the challenges is an increasingly fragmented ransomware ecosystem, which, in the wake of the collapse of LockBit and BlackCat, has led to the emergence of a lot of newcomers that have eschewed big game hunting in favor of small- to mid-size entities that, in turn, translate to more modest ransom demands. According to data compiled by Coveware, the average ransomware payment in Q4 2024 was at $553,959, up from $479,237 in Q3. The median ransomware payment, in contrast, dropped from $200,000 to $...
Navigating the Future: Key IT Vulnerability Management Trends


Feb 11, 2025 Vulnerability / Threat Detection
As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws. Staying informed on these trends can help MSPs and IT teams remain one step ahead of potential cyber-risks. The Kaseya Cybersecurity Survey Report 2024 navigates this new frontier of cyber challenges. The data is clear: Organizations are becoming increasingly reliant on vulnerability assessments and plan to prioritize these investments in 2025. Companies are increasing the frequency of vulnerability assessments: In 2024, 24% of respondents said they conduct vulnerability assessments more than four times per year, up from 15% in 2023. This shift highlights a growing recognition of the need for continuous monitoring and quick response to emerging t...
U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network


Feb 01, 2025 Cybercrime / Fraud Prevention
U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan. The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker. The vast array of sites in question peddled phishing toolkits and fraud-enabling tools and has been operated since at least 2020 by a group known as Saim Raza, which is also known as HeartSender. These offerings were then used by transnational organized crime groups to target several victims in the United States as part of various business email compromise (BEC) schemes, leading to losses totaling over $3 million. "The Saim Raza-run websites operated as marketplaces that advertised and facilitated the sale of tools such as phishing kits, scam pages, and email extractors, often used to build and maintain fraud operations," the U.S. Department of Justice (DoJ) said. "N...
Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown


Jan 30, 2025 Online Fraud / Cybercrime
An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort, which took place between January 28 and 30, 2025, targeted the following domains: www.cracked.io, www.nulled.to, www.mysellix.io, www.sellix.io, and www.starkrdp.io. Visitors to these websites are now greeted by a seizure banner that says they were confiscated as part of Operation Talent that involved authorities from Australia, France, Greece, Italy, Romania, Spain, and the United States, along with Europol. "This website, as well as the information on the customers and victims of the website, has been seized by international law enforcement partners," the message reads. Operational since 2015 and 2018, both Nulled and Cracked have been used to peddle various hack tools, such as ScrubCrypt, a malware obfuscation engine that has been observed delivering stealer malware in the pas...
FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation


Jan 15, 2025 Malware / Threat Intelligence
The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation." PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People's Republic of China (PRC), allowing for information theft and remote control of compromised devices. An affidavit filed by the FBI noted that the identified PlugX variant is linked to a state-sponsored hacking group called Mustang Panda, which is also referred to as BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, RedDelta, Red Lich, Stately Taurus, TA416, and Twill Typhoon. "Since at least 2014, Mustang Panda hackers then infiltrated thousands of computer systems in campaigns targeting U.S. victims, as well as European and Asian governments and businesses, and Chinese dissident...
Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes


Dec 16, 2024 Cyber Attack / Cyber Espionage
The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia's Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of "quest games." Law enforcement officials said that it detained two FSB agent groups following a special operation in Kharkiv. These groups, per the agency, consisted exclusively of children aged 15 and 16. "The minors carried out hostile tasks of conducting reconnaissance, correcting strikes, and arson," the SSU said in a statement released Friday. "To mask subversive activities, both enemy cells operated separately from each other." As per the quest game rules set by the FSB, the children were given geographic coordinates, after which they were instructed to get to the location, take photos and videos of targets, and provide a general description of the surrounding area. The results of these reconnaissance m...
Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands


Dec 10, 2024 Cybercrime / Vishing
Belgian and Dutch authorities have arrested eight suspects in connection with a "phone phishing" gang that primarily operated out of the Netherlands with an aim to steal victims' financial data and funds. As part of the international operation, law enforcement agencies carried out 17 searches in different locations in Belgium and the Netherlands, Europol said. In addition, large amounts of cash, firearm, as well as electronic devices, luxury watches, and jewelry have been seized. "Besides committing large-scale 'phishing' campaigns and trying to gain access to financial data by phone or online, the suspects also pretended to be police or banking staff and approached older victims at their doors," the agency said. The cybercrime operation involved sending phishing messages via email, SMS, and WhatsApp, urging recipients to click on a link that captured the credentials and other information. In other instances, victims were approached by the crimina...
Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers


Dec 05, 2024 Online Fraud / Cybercrime
Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects. More than 200 terabytes of digital evidence have been collected. In addition, over 80 data storage devices, cell phones, computers, as well as cash and crypto assets worth more than €63,000 ($66,500) have been confiscated. Manson Market ("manson-market[.]pw") is believed to have launched in 2022 as a way to peddle sensitive information that was illegally obtained from victims as part of phishing and vishing (voice phishing) schemes. One such criminal activity involved calling victims under the guise of bank employees to trick them into revealing their addresses and security answers. In another instance, a network of fake online shops was employed to deceive visitors into entering th...
Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown


Dec 04, 2024 Encryption / Cybercrime
Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that was created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convicted for the murder of Dutch journalist Peter R. de Vries. This allowed authorities to intercept messages being sent via the service for a period of three months, amassing a total of more than 2.3 million messages in 33 languages. The messages, Europol said, are associated with serious crimes such as international drug trafficking, arms trafficking, and money laundering. It's worth noting at this stage that MATRIX is different from the open-source, decentralized messaging app of the same name ("matrix[.]org"). Also known by other names such as Mactrix, Totalsec, X-quantum...
INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million


Dec 02, 2024 Financial Fraud / Cryptocurrency
A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies. The coordinated exercise saw the participation of authorities from 40 countries, territories, and regions as part of the latest wave of Operation HAECHI-V, which took place between July and November 2024, INTERPOL said. "The effects of cyber-enabled crime can be devastating – people losing their life savings, businesses crippled, and trust in digital and financial systems undermined," INTERPOL Secretary General Valdecy Urquiza said in a statement. "The borderless nature of cybercrime means international police cooperation is essential, and the success of this operation supported by INTERPOL shows what results can be achieved when countries work together. It's only through united efforts that we can make the real and digital worlds safer." As part of H...
Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested


Nov 30, 2024 Ransomware / Cybercrime
A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key. "At present, the investigator has collected sufficient evidence, the criminal case with the indictment signed by the prosecutor has been sent to the Central District Court of the city of Kaliningrad for consideration on the merits," the Russian Ministry of Internal Affairs said in a statement. Matveev has been charged under Part 1 of Article 273 of the Criminal Code of the Russian Federation, which relates to the creation, use, and distribution of computer programs that can cause "destruction, blocking, modification or copying of computer information." He was previously charged and ...
INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled


Nov 27, 2024 Cybercrime / Financial Fraud
An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime on the continent. Dubbed Serengeti, the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware, business email compromise (BEC), digital extortion, and online scams. The participating nations in the operation were Algeria, Angola, Benin, Cameroon, Côte d'Ivoire, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Mauritius, Mozambique, Nigeria, Rwanda, Senegal, South Africa, Tanzania, Tunisia, Zambia, and Zimbabwe. These activities, which ranged from online credit card fraud and Ponzi schemes to investment and multi-level marketing scams, victimized more than 35,000 people, leading to financial losses nearly amounting to $193 million across the world. In connection with the $6 million online Ponzi ...
Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering


Nov 09, 2024 Cryptocurrency / Cybercrime
The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed money-transmitting business earlier this March. The U.S. Department of Justice (DoJ) described Bitcoin Fog as the darknet's longest-running cryptocurrency mixer, allowing cybercriminals to conceal the source of their cryptocurrency proceeds. "Over the course of its decade-long operation, Bitcoin Fog gained notoriety as a go-to money laundering service for criminals seeking to hide their illicit proceeds from law enforcement and processed transactions involving over 1.2 million bitcoin, valued at approximately $400 million at the time the transactions occurred," the DoJ said. "The bulk of this cryptocurrency came from darknet marketplaces and was tied ...
INTERPOL Disrupts Over 22,000 Malicious Servers in Global Crackdown on Cybercrime


Nov 06, 2024 Cyber Threat / Cybercrime
INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation. Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure. "Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59 servers were seized," INTERPOL said. "Additionally, 43 electronic devices, including laptops, mobile phones and hard disks were seized." The actions also led to the arrest of 41 individuals, with 65 others still under investigation. Some of the other key outcomes across countries are listed below: takedown of more than 1,037 servers by Hong Kong police; seizure of a server and the identification of 93 individuals with links to illegal cyber activities in Mongolia; disruption of 291 servers in Macau; identification of 11 individuals with links to malicious servers and...
Canadian Suspect Arrested Over Snowflake Customer Breach and Extortion Attacks


Nov 05, 2024 Data Breach / Cybercrime
Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the U.S. The development was first reported by Bloomberg and corroborated by 404 Media. The exact nature of the charges against Moucka is currently not known. In June 2024, Snowflake disclosed that a "limited number" of its customers were targeted as part of a targeted campaign. Later, Google-owned Mandiant attributed it to a financially motivated threat group called UNC5537. "UNC5537 comprises members based in North America, and collaborates with an additional member in Turkey," the company assessed with moderate confidence at the time, adding approximately 16...
German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested


Nov 04, 2024 DDoS Attack / Cybercrime
German law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks. "The platform made such DDoS attacks accessible to a wide range of users, even those without any in-depth technical skills of their own," the Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said. "The use of stresser services to carry out DDoS attacks has recently become increasingly known in the context of police investigations." The BKA described dstat[.]cc as a platform that offered recommendations and evaluations of stresser services in order to conduct DDoS attacks against websites of interest and render them unresponsive. According to an alert published by Radware in January 2023, dstat[.]cc offered botnet owners the ability to assess the capacity and capabilities of their DDoS attack services. "Bot herders use DStat sites ...
Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus


Oct 29, 2024 Cybercrime / Malware
The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer. The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus that involved authorities from the U.S., the U.K., Belgium, Portugal, and Australia. Eurojust, in a statement published today, said the operation led to the shutdown of three servers in the Netherlands and the confiscation of two domains (fivto[.]online and spasshik[.]xyz). In total, over 1,200 servers in dozens of countries are estimated to have been used to run the malware. As part of the efforts, one administrator has been charged by the U.S. authorities and two people have been arrested by the Belgian police, the Politie said, adding one of them has since been released, while the other remains in custody. The U.S. Department of Justice (DoJ) has charge...
Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions


Oct 26, 2024 Cybercrime / Malware
Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges. Russian news publication Kommersant reported that a court in St. Petersburg found Artem Zaets, Alexei Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov guilty of illegal circulation of means of payment. Puzyrevsky and Khansvyarov have also been found guilty of using and distributing malware. To that end, Zaets and Malozemov were sentenced to 4.5 and 5 years in prison. Khansvyarov and Puzyrevsky received a jail term of 5.5 and 6 years, respectively. The four individuals are part of a group of 14 people who were initially detained in connection with the case. As reported by TASS back in January 2022, eight of them were charged by the court for their malicious activities. The remaining four members, Andrei Bessonov, Mikhail Golovach...
U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks


Oct 17, 2024 Cyber Crime / Hacktivism
Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft's services in June 2023. The attacks, which were facilitated by Anonymous Sudan's "powerful DDoS tool," singled out critical infrastructure, corporate networks, and government agencies in the United States and around the world, the U.S. Department of Justice (DoJ) said. Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, have been charged with one count of conspiracy to damage protected computers. Ahmed Salah has also been charged with three counts of damaging protected computers. If convicted on all charges, Ahmed Salah faces a statutory maximum sentence of life in federal prison, while Alaa Salah faces a maximum sentence of five years in federal prison. The DDoS tool is said to have been disabled in March 2024, the same...