CyberSecurity news

FlagThis - #lawenforcement

@techcrunch.com - 17d
A global police operation involving agencies from Europe, Japan, the U.S., and the U.K. has successfully seized the dark web leak site of the 8Base ransomware gang. The takedown message displayed on the site was confirmed as legitimate by Lucy Sneddon, a spokesperson for the U.K.’s National Crime Agency. While the U.K. played a supportive role, other involved agencies have not yet commented. Security researchers first noticed the seizure notice earlier this week.

This operation is part of a larger effort targeting ransomware gangs. In a related development, authorities have arrested four suspected Phobos ransomware hackers in Phuket, Thailand. These individuals are accused of conducting cyberattacks on over 1,000 victims worldwide and extorting $16,000,000 worth of Bitcoin. The operation, codenamed "Phobos Aetor," involved raids across multiple locations.

References:
  • CyberInsider: Phobos Ransomware Gang Dismantled in International Sting
  • BleepingComputer: Police arrests 4 Phobos ransomware suspects, seizes 8Base sites
  • BleepingComputer: A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base's dark web sites. The suspects are accused of conducting cyberattacks on over 1,000 victims worldwide.
  • bsky.app: A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base's dark web sites. The suspects are accused of conducting cyberattacks on over 1,000 victims worldwide.
  • Carly Page: Mastodon post confirming the takedown of 8Base's leak site.
  • techcrunch.com: TechCrunch reports on the global police operation seizing the 8base ransomware gang leak site.
  • www.bleepingcomputer.com: BleepingComputer's report on the takedown of 8Base's dark web sites.
  • DataBreaches.Net: Reports on police arresting 4 Phobos ransomware suspects and seizing 8Base sites.
  • Threats | CyberScoop: cyberscoop article on 8base
  • cyberscoop.com: Thai authorities detain four Europeans in ransomware crackdown
  • Anonymous: A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base’s dark web sites.
  • The Register - Security: The Register: All your 8Base are belong to us: Ransomware crew busted in global sting
  • securityaffairs.com: Report on the 8Base ransomware takedown highlighting the international collaboration.
  • The Hacker News: The Hacker News: 8Base Ransomware Data Leak Sites Seized in International Law Enforcement Operation
  • www.helpnetsecurity.com: The Thai police has arrested four individuals suspected of being the leaders of the 8Base ransomware group and of stealing approximately $16 million from 1,000+ victims they targeted with the Phobos ransomware.
  • BleepingComputer: Police arrests 2 Phobos ransomware suspects, seizes 8Base sites - BleepingComputer
  • socradar.io: International Operation Targets 8Base and Phobos Ransomware Gangs In a coordinated global effort, law enforcement agencies have successfully dismantled the dark web infrastructure of the 8Base ransomware gang and arrested four individuals linked to the Phobos ransomware.
  • Help Net Security: 8Base ransomware group leaders arrested, leak site seized
  • PCMag UK security: An international operation has dealt a major blow to a cybergang known as 8Base, which used the Phobos to infect hundreds of companies and organizations.
  • techcrunch.com: Authorities arrest four suspected 8base ransomware operators in global takedown
  • www.europol.europa.eu: Report on the global law enforcement operation that led to the arrests.
  • Security Boulevard: Authorities Seize 8Base Ransomware Infrastructure, Arrest Four Russians
  • securityboulevard.com: With "Operation Phobos Aetor," international law enforcement, including the US DOJ and Europol, arrest four Russian nationals and seize infrastructure connected to the 8Base ransomware group, the largest affiliate of the prolific Phobos RaaS operation.
  • securityaffairs.com: Global law enforcement operation targeting the 8Base ransomware gang and related criminal activity.
  • Carly Page: A global law enforcement operation has led to the arrest of four individuals who authorities accuse of being key figures in the 8base ransomware operation. The four suspects are accused of amassing $16 million through ransomware attacks against more than 1,000 organizations globally
  • www.csoonline.com: Law enforcement agencies from 14 countries collaborated in an investigation against the related Phobos and 8Base ransomware operations, arresting four suspects and seizing 27 servers, including the data leak and ransom negotiation websites.

Alex Lekander@CyberInsider - 86d
An international operation, codenamed 'Operation Passionflower', has successfully dismantled MATRIX, a highly secure encrypted messaging platform used by cybercriminals. Dutch and French police, working in collaboration with Europol and Eurojust, conducted months of surveillance before taking down the platform. The operation resulted in the arrests of two key suspects—a Lithuanian and a 30-year-old Dutchman—in Spain, along with the seizure of servers in France and Germany. Authorities also confiscated significant assets, including €145,000 in cash, €500,000 in cryptocurrency, luxury vehicles, and real estate valued at over €15 million.

The MATRIX platform, also known as Q-Safe, facilitated criminal activities such as drug and arms trafficking, and money laundering. Investigators intercepted approximately 2.3 million messages in 33 languages from roughly 8,000 accounts worldwide. Police officials highlighted the complexity of the MATRIX infrastructure, noting that it was more sophisticated than previous encrypted services like Sky and Encro, leading criminals to believe their communications were untraceable. The investigation, spurred by the 2021 murder of Dutch crime reporter Peter R. de Vries, utilized advanced digital technology and data analysis techniques to identify and track users.

This takedown underscores the ongoing international efforts to combat cybercrime and disrupt criminal networks. The operation highlights the effectiveness of international cooperation and sophisticated investigative techniques in dismantling encrypted communication platforms used for illegal activities. Police warn that further arrests are possible as the investigation continues. The success of Operation Passionflower serves as a warning to criminals relying on seemingly impenetrable encrypted services; law enforcement possesses the capabilities to penetrate even the most advanced security measures.

References:
  • CyberInsider: This report highlights the successful dismantling of Matrix, an encrypted communication service used by criminal networks, detailing the scale of the operation and its impact on global crime.
  • socradar.io: This article discusses the takedown of MATRIX, an encrypted messaging service used by criminal networks.
  • Links: This is a news report from Europol on the takedown of MATRIX, an encrypted messaging service used by criminals.
  • Help Net Security: This report from Help Net Security details how an international team of law enforcement agencies shut down the encrypted messaging service MATRIX, which was used by criminals around the world to coordinate their activities.
  • Techzine Global: This article also describes the takedown of the MATRIX encrypted communications service by Dutch and French law enforcement officials.
  • bsky.app: A law enforcement operation codenamed 'Operation Passionflower' has shut down MATRIX, an encrypted messaging platform used by cybercriminals to coordinate illegal activities while evading police.
  • Silicon Republic: Europol takes down Matrix encrypted messaging service
  • thecyberexpress.com: Europol Dismantles MATRIX: The Encrypted Messaging Service Fueling Global Crime
  • The Hacker News: Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown
  • TechRadar: Police crack encrypted chat service MATRIX used by criminals
  • DataBreaches.Net: Databreaches.net reports on the arrest of a Crimenetwork administrator and the shutdown of the marketplace.
  • therecord.media: The Record reports on the German authorities' operation against the Crimenetwork marketplace.

@www.justice.gov - 26d
U.S. and Dutch law enforcement agencies have jointly dismantled a network of 39 domains and associated servers used in Business Email Compromise (BEC) fraud operations. The operation, codenamed "Operation Heart Blocker," took place on January 29th and targeted the infrastructure of a group known as "The Manipulaters," which also went by the name Saim Raza. This group operated online marketplaces originating from Pakistan, selling phishing toolkits, scam pages, email extractors, and fraud-enabling tools. Transnational organized crime groups in the U.S. used these tools to target victims with BEC schemes, tricking victim companies into making fraudulent payments that are estimated to have caused over $3 million in losses.

The seized domains and servers contained millions of records, including at least 100,000 pertaining to Dutch citizens. "The Manipulaters" marketed their services under various brands, including Heartsender, Fudpage, and Fudtools, which specialized in spam and malware dissemination. The U.S. Department of Justice stated that the Saim Raza-run websites not only sold the tools but also trained end users through instructional videos on how to execute schemes using the malicious programs, making the tools accessible to those without technical expertise. The service was estimated to have thousands of customers. The tools were used to acquire victims' user credentials, which were then used to further the fraudulent schemes. Users can check whether they were affected by the credential theft via a Dutch Police website.

References:
  • ciso2ciso.com: U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
  • krebsonsecurity.com: FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang
  • The Hacker News: U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan.
  • ciso2ciso.com: The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan.
  • Pyrzout: U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
  • krebsonsecurity.com: FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang – Source: krebsonsecurity.com
  • www.trendingtech.news: International cooperation dismantles phishing network 'the manipulaters'
  • Pyrzout: FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang
  • hackread.com: Joint US-Dutch operation dismantled the HeartSender cybercrime network.
  • www.justice.gov: Cybercrime websites selling hacking tools to transnational organized crime groups were seized.
  • thecyberexpress.com: The Cyber Express article about the Justice Department disrupting a cybercrime network selling hacking tools.
  • www.justice.gov: This website contains the latest news about cybersecurity incidents and attacks.
  • Information Security Buzz: DoJ, Dutch Authorities Seize 39 Domains Selling Malicious Tools
  • ciso2ciso.com: Law enforcement seized the domains of HeartSender cybercrime marketplaces – Source: securityaffairs.com
  • ciso2ciso.com: Law enforcement seized the domains of HeartSender cybercrime marketplaces
  • SecureWorld News: Secure World article about Operation Heart Blocker and the disruption of a phishing network.

@The Hacker News - 87d
Interpol's Operation HAECHI V, a five-month international operation involving 40 countries, has resulted in a major blow to global cybercrime. More than 5,500 suspects were arrested, and over $400 million in assets, including virtual assets and government-backed currencies, were seized. The operation targeted a wide range of financial crimes, such as voice phishing, romance scams, sextortion, business email compromise (BEC), and investment fraud. This success highlights the growing need for international cooperation in combating cybercrime's borderless nature.

The operation's success is largely attributed to the collaboration between law enforcement agencies across 40 countries, territories, and regions. Interpol's Global Rapid Intervention of Payments (I-GRIP) initiative played a crucial role in tracking and intercepting the stolen funds. A significant achievement was the joint dismantling of a large voice phishing syndicate in East Asia by Korean and Beijing authorities, which had defrauded over 1,900 victims of $1.1 billion. This syndicate used tactics such as impersonating law enforcement officials and employing counterfeit identification.

Operation HAECHI V also led to increased awareness of emerging cryptocurrency fraud techniques, specifically the USDT Token Approval Scam. Interpol issued a Purple Notice warning member countries about this new scam, where criminals use romance-themed baits to trick victims into authorizing access to their wallets. Interpol Secretary General Valdecy Urquiza emphasized the devastating impact of cybercrime and underscored the importance of continued international cooperation to combat this growing threat. The operation's success demonstrates the potential of collaborative efforts in making both the real and digital worlds safer.

References:
  • malware.news: Such an operation has prompted increased awareness of the growing prevalence of stablecoin theft, noted Interpol, which has committed to continuing the South Korea-backed cybercrime crackdown operation.
  • securityaffairs.com: International law enforcement operation Operation HAECHI-V led to more than 5,500 suspects arrested and seized over $400 million.
  • The Hacker News: A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies.
  • hackread.com: Report on Operation HAECHI V, a large-scale international cybercrime operation resulting in numerous arrests and asset seizures.

Pierluigi Paganini@Security Affairs - 85d
German authorities have shut down Crimenetwork, the country's largest online criminal marketplace, resulting in the arrest of a 29-year-old suspected technical administrator. Operating since 2012, the platform facilitated the sale of illegal goods and services, including drugs, forged documents, hacking tools, and stolen data. The takedown, which involved seizing expensive vehicles and approximately €1 million in digital assets, represents a significant blow to cybercrime in the German-speaking region. Crimenetwork boasted over 100,000 users and more than 100 sellers before its closure, generating millions of dollars in cryptocurrency transactions between 2018 and 2024.

The arrested administrator is suspected of drug trafficking and is currently in custody. Police obtained extensive user and transaction data during raids, suggesting further arrests may follow. The operation highlights the ongoing global effort to combat online criminal marketplaces and underscores the significant financial gains generated by such platforms. The success of this operation, alongside recent crackdowns on similar platforms such as MATRIX and PopeyeTools, shows the increased global cooperation in combating online crime.

References: