@techcrunch.com - 20d
A global police operation involving agencies from Europe, Japan, the U.S., and the U.K. has successfully seized the dark web leak site of the 8Base ransomware gang. The takedown message displayed on the site was confirmed as legitimate by Lucy Sneddon, a spokesperson for the U.K.’s National Crime Agency. While the U.K. played a supportive role, other involved agencies have not yet commented. Security researchers first noticed the seizure notice earlier this week.
This operation is part of a larger effort targeting ransomware gangs. In a related development, authorities have arrested four suspected Phobos ransomware hackers in Phuket, Thailand. These individuals are accused of conducting cyberattacks on over 1,000 victims worldwide and extorting $16,000,000 worth of Bitcoin. The operation, codenamed "Phobos Aetor," involved raids across multiple locations.
@www.bleepingcomputer.com - 30d
Operation Talent, a large-scale international law enforcement effort, has successfully dismantled two major cybercrime forums, Cracked and Nulled. These platforms, with a combined user base exceeding 9 million, were hubs for the distribution of illegal goods, including stolen data, malware, and hacking tools. The operation, led by German authorities with the cooperation of eight countries, involved the seizure of 12 domains, 17 servers, over 50 electronic devices, and approximately €300,000 in cash and cryptocurrencies. Two individuals were arrested in Spain and are believed to be the main operators of both forums and related services.
The takedown of Cracked and Nulled, executed between January 28th and 30th, also targeted associated services like Sellix, a payment processor used by Cracked, and StarkRDP, a hosting service promoted on both platforms. Investigators estimate that the suspects generated around €1 million in criminal proceeds through these illegal activities. Europol played a key role, providing forensic and analytical support to the authorities. The collaborative effort highlights the growing threat of “cybercrime-as-a-service”, where readily available tools and infrastructure are used to launch attacks by those with varying levels of technical knowledge.
@cyberinsider.com - 14d
Dutch Police have dismantled the ZServers/XHost bulletproof hosting operation, seizing 127 servers. The takedown follows a year-long investigation into the network, which has been used by cybercriminals to facilitate illegal activities. This includes the spread of malware, botnets, and various cyberattacks.
Earlier this week, authorities in the United States, Australia, and the United Kingdom announced sanctions against the same bulletproof hosting provider for its involvement in cybercrime operations. ZServers was accused of facilitating LockBit ransomware attacks and supporting the cybercriminals' efforts to launder illegally obtained money, according to The Record. The Cybercrime Team Amsterdam will conduct an additional probe of the servers, as the company advertised that customers could carry out criminal acts from its servers while remaining anonymous to law enforcement.
Pierluigi Paganini@Security Affairs - 88d
German authorities have shut down Crimenetwork, the country's largest online criminal marketplace, resulting in the arrest of a 29-year-old suspected technical administrator. Operating since 2012, the platform facilitated the sale of illegal goods and services, including drugs, forged documents, hacking tools, and stolen data. The takedown, which involved seizing expensive vehicles and approximately €1 million in digital assets, represents a significant blow to cybercrime in the German-speaking region. Crimenetwork boasted over 100,000 users and more than 100 sellers before its closure, generating millions of dollars in cryptocurrency transactions between 2018 and 2024.
The arrested administrator is suspected of drug trafficking and is currently in custody. Police obtained extensive user and transaction data during raids, suggesting further arrests may follow. The operation highlights the ongoing global effort to combat online criminal marketplaces and underscores the significant financial gains generated by such platforms. The success of this operation, alongside recent crackdowns on similar platforms such as MATRIX and PopeyeTools, shows the increased global cooperation in combating online crime.