CyberSecurity news

FlagThis - #lawenforcement

@cyberinsider.com //
Law enforcement agencies across North America and Europe have taken action against users of the Smokeloader botnet in a follow-up to Operation Endgame, a major takedown that occurred in May 2024. This new phase targets the demand side of the cybercrime economy, focusing on individuals who purchased access to compromised computers through Smokeloader’s pay-per-install service, which was operated by the cybercriminal known as "Superstar". Authorities have arrested at least five individuals, conducted house searches, and interrogated suspects linked to the use of the Smokeloader botnet. In addition to arrests, servers used by the Smokeloader botnet's customers have also been seized.

Evidence used to identify and apprehend the Smokeloader users came from backend databases obtained during the initial Operation Endgame takedown. These databases contained information about who had purchased access to the infected machines, allowing investigators to match usernames and payment information to real-world identities. The customers of the Smokeloader botnet were using the access to deploy various types of malware, including ransomware, spyware, and cryptominers for their own illicit activities. Some suspects were found to be reselling the Smokeloader access for profit, adding another layer to the investigation.

The investigation remains open, and authorities are continuing to work through leads, with more actions expected. Europol has launched a dedicated website, operation-endgame.com, to collect tips and provide updates on the operation. Law enforcement agencies are sending a clear message that they are committed to disrupting the cybercrime ecosystem by targeting not only the operators of malicious services but also the individuals who use and fund them. Officials said that the malware's customers faced consequences ranging from "knock and talks" and full house searches to arrests.

References :
  • bsky.app: In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet's customers and detained at least five individuals.
  • cyberinsider.com: Nearly a year after the landmark Operation Endgame dismantled the infrastructure behind several major malware droppers, law enforcement agencies have launched a follow-up offensive targeting the demand side of the cybercrime economy. Authorities across Europe and North America arrested five individuals, conducted house searches, and interrogated suspects linked to the use of the SmokeLoader …
  • Metacurity: ICYMI, Operation Endgame busted a boatload of customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar’, as outlined in the joint operation's season two premiere video episode.
  • BleepingComputer: Police detains Smokeloader malware customers, seizes servers
  • CyberInsider: ‘Operation Endgame’ Leads to Five Arrests in SmokeLoader Botnet Crackdown
  • DataBreaches.Net: Operation Endgame follow-up leads to five detentions and interrogations as well as server takedowns
  • hackread.com: Smokeloader Users Identified and Arrested in Operation Endgame
  • www.scworld.com: Operation Endgame follow-up cracks down on Smokeloader botnet
  • The Register - Security: Officials teased more details to come later this year. Following the 2024 takedown of several major malware operations under Operation Endgame, law enforcement has continued its crackdown into 2025, detaining five individuals linked to the Smokeloader botnet.…
  • www.itpro.com: Seized database helps Europol snare botnet customers in ‘Operation Endgame’ follow-up sting
  • The Hacker News: Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence
Classification:
Lorenzo Franceschi-Bicchierai@techcrunch.com //
The U.S. Secret Service, in collaboration with international law enforcement agencies, has seized the domain of the Russian cryptocurrency exchange Garantex. This action was part of an ongoing investigation and involved agencies such as the Department of Justice's Criminal Division, the FBI, Europol, the Dutch National Police, the German Federal Criminal Police Office, the Frankfurt General Prosecutor's Office, the Finnish National Bureau of Investigation, and the Estonian National Criminal Police. The Secret Service confirmed the seizure of website domains associated with Garantex's administration and operation.

The seizure warrant was obtained by the US Attorney's Office for the Eastern District of Virginia. Garantex had previously been sanctioned by the U.S. in April 2022, due to its association with illicit activities. Authorities have linked over $100 million in transactions on the exchange to criminal enterprises and dark web markets, including substantial sums connected to the Conti ransomware gang and the Hydra online drug marketplace.

References :
  • bsky.app: The US Secret Service has seized the domain of the sanctioned Russian cryptocurrency exchange Garantex in collaboration with the Department of Justice's Criminal Division, the FBI, and Europol.
  • The Register - Security: International cops seize ransomware crooks' favorite Russian crypto exchange
  • infosec.exchange: UPDATE: Secret Service spokesperson told us that it "has seized website domains associated with the administration and operation of Russian cryptocurrency exchange, Garantex as part of an ongoing investigation."
  • Zack Whittaker: NEW: Russian crypto exchange Garantex has been seized by the U.S. Secret Service during an international law enforcement operation. FBI declined to comment; Secret Service didn't respond, but Garantex's domain is now pointing to nameservers run by the Secret Service. More from :
  • securityaffairs.com: International law enforcement operation seized the domain of the Russian crypto exchange Garantex
  • The Register - Security: Uncle Sam charges alleged Garantex admins after crypto-exchange web seizures
  • infosec.exchange: NEW: The U.S. government has accused two administrators of Russian crypto exchange Garantex of facilitating money laundering for terrorists and cybercriminals. Aleksej Besciokov and Aleksandr Mira Serda allegedly knew they were helping ransomware hackers as well as DPRK's Lazarus Group. Besciokov is also accused of conspiracy to violate U.S. sanctions.
  • The Hacker News: U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website
  • infosec.exchange: NEW: U.S. Secret Service and other international law enforcement agencies have seized the website of Russian crypto exchange Garantex. Garantex had previously been sanctioned by the U.S. government for being associated with ransomware gangs like Conti and darknet markets, as well as by the European Union for ties to sanctioned Russian banks.
  • The DefendOps Diaries: International Collaboration in the Takedown of Garantex
  • Threats | CyberScoop: The Department of Justice also indicted two men tied to the exchange.
  • BleepingComputer: The administrators of the Russian Garantex crypto-exchange have been charged in the United States with facilitating money laundering for criminal organizations and violating sanctions.
  • techcrunch.com: US charges admins of Garantex for allegedly facilitating crypto money laundering for terrorists and hackers
  • Metacurity: Law enforcement took down hacker-friendly Russian crypto exchange Garantex
  • www.scworld.com: Global law enforcement crackdown hits Russian crypto exchange Garantex
  • securityonline.info: Secret Service-Led Operation Seizes Garantex Cryptocurrency Exchange
  • techcrunch.com: Russian crypto exchange Garantex seized by law enforcement operation
  • Jon Greig: US officials charged Aleksej Besciokov and Aleksandr Mira Serda on Friday for their roles at Garantex. They also made copies of Garantex’s customer and accounting databases before servers were seized by German and Finnish officials.
  • infosec.exchange: NEW: After authorities took down the domains of Russian crypto exchange Garantex, and charged two of its administrators for facilitating money laundering, the company is now inviting customers for “face-to-face meetings” at its headquarters. 🤔
  • hackread.com: Garantex Crypto Exchange Seized, Two Charged in Laundering Scheme
  • techcrunch.com: Following takedown operation, Garantex invites customers to ‘face-to-face’ Moscow meeting
  • BrianKrebs: Scoop: Alleged Co-Founder of sanctioned cryptocurrency exchange Garantex arrested in India. Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his family.
  • krebsonsecurity.com: Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his family.
  • Security | TechRepublic: Long Arm of the Law Comes for Russian Crypto: Why Secret Service Seized Garantex
  • BleepingComputer: Garantex crypto exchange admin arrested while on vacation
  • Chainalysis: International Action Dismantles Notorious Russian Crypto Exchange Garantex
  • The DefendOps Diaries: International Crackdown on Garantex: Implications for the Crypto Industry
Classification:
  • HashTags: #Garantex #Cryptocurrency #Ransomware
  • Company: Garantex
  • Target: Garantex
  • Product: Cryptocurrency exchange
  • Feature: money laundering
  • Type: Hack
  • Severity: Major
@techcrunch.com //
A global police operation involving agencies from Europe, Japan, the U.S., and the U.K. has successfully seized the dark web leak site of the 8Base ransomware gang. The takedown message displayed on the site was confirmed as legitimate by Lucy Sneddon, a spokesperson for the U.K.’s National Crime Agency. While the U.K. played a supportive role, other involved agencies have not yet commented. Security researchers first noticed the seizure notice earlier this week.

This operation is part of a larger effort targeting ransomware gangs. In a related development, authorities have arrested four suspected Phobos ransomware hackers in Phuket, Thailand. These individuals are accused of conducting cyberattacks on over 1,000 victims worldwide and extorting $16,000,000 worth of Bitcoin. The operation, codenamed "Phobos Aetor," involved raids across multiple locations.

References :
  • CyberInsider: Phobos Ransomware Gang Dismantled in International Sting
  • BleepingComputer: Police arrests 4 Phobos ransomware suspects, seizes 8Base sites
  • BleepingComputer: A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base's dark web sites. The suspects are accused of conducting cyberattacks on over 1,000 victims worldwide.
  • bsky.app: A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base's dark web sites. The suspects are accused of conducting cyberattacks on over 1,000 victims worldwide.
  • Carly Page: Mastodon post confirming the takedown of 8Base's leak site.
  • techcrunch.com: TechCrunch reports on the global police operation seizing the 8base ransomware gang leak site.
  • www.bleepingcomputer.com: BleepingComputer's report on the takedown of 8Base's dark web sites.
  • DataBreaches.Net: Reports on police arresting 4 Phobos ransomware suspects and seizing 8Base sites.
  • Threats | CyberScoop: cyberscoop article on 8base
  • cyberscoop.com: Thai authorities detain four Europeans in ransomware crackdown
  • Anonymous: A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base’s dark web sites.
  • The Register - Security: The Register: All your 8Base are belong to us: Ransomware crew busted in global sting
  • securityaffairs.com: Report on the 8Base ransomware takedown highlighting the international collaboration.
  • The Hacker News: The Hacker News: 8Base Ransomware Data Leak Sites Seized in International Law Enforcement Operation
  • www.helpnetsecurity.com: The Thai police have arrested four individuals suspected of being the leaders of the 8Base ransomware group and of stealing approximately $16 million from 1,000+ victims they targeted with the Phobos ransomware.
  • BleepingComputer: Police arrests 2 Phobos ransomware suspects, seizes 8Base sites - BleepingComputer
  • socradar.io: International Operation Targets 8Base and Phobos Ransomware Gangs In a coordinated global effort, law enforcement agencies have successfully dismantled the dark web infrastructure of the 8Base ransomware gang and arrested four individuals linked to the Phobos ransomware.
  • Help Net Security: 8Base ransomware group leaders arrested, leak site seized
  • PCMag UK security: An international operation has dealt a major blow to a cybergang known as 8Base, which used Phobos to infect hundreds of companies and organizations.
  • techcrunch.com: Authorities arrest four suspected 8base ransomware operators in global takedown
  • www.europol.europa.eu: Report on the global law enforcement operation that led to the arrests.
  • Security Boulevard: Authorities Seize 8Base Ransomware Infrastructure, Arrest Four Russians
  • securityboulevard.com: With "Operation Phobos Aetor," international law enforcement, including the US DOJ and Europol, arrested four Russian nationals and seized infrastructure connected to the 8Base ransomware group, the largest affiliate of the prolific Phobos RaaS operation.
  • securityaffairs.com: Global law enforcement operation targeting the 8Base ransomware gang and related criminal activity.
  • Carly Page: A global law enforcement operation has led to the arrest of four individuals who authorities accuse of being key figures in the 8base ransomware operation. The four suspects are accused of amassing $16 million through ransomware attacks against more than 1,000 organizations globally
  • www.csoonline.com: Law enforcement agencies from 14 countries collaborated in an investigation against the related Phobos and 8Base ransomware operations, arresting four suspects and seizing 27 servers, including the data leak and ransom negotiation websites.
Classification:
  • HashTags: #8Base #Ransomware #LawEnforcement
  • Target: 8Base Ransomware Gang
  • Attacker: 8Base Ransomware Gang
  • Malware: 8Base Ransomware
  • Type: Ransomware
  • Severity: Major