In a surprising discovery, officials in Russia uncovered a secret cryptocurrency mining setup hidden inside a Kamaz truck parked near a village in the Buryatia region. The vehicle wasn’t just a regular truck, it was loaded with 95 mining machines and its own transformer, all connected to a nearby power line powerful enough to supply an entire community.
What Is Crypto Mining, and Why Is It Controversial?
Cryptocurrency mining is the process of creating digital coins and verifying transactions through a network called a blockchain — a digital ledger that can’t be altered. Computers solve complex calculations to keep this system running smoothly. However, this process demands huge amounts of electricity. For example, mining the popular coin Bitcoin consumes more power in a year than some entire countries.
Why Was This Setup a Problem?
While mining can help boost local economies and create tech jobs, it also brings risks, especially when done illegally. In this case, the truck was using electricity intended for homes without permission. The unauthorized connection reportedly caused power issues like low voltage, grid overload, and blackouts for local residents.
The illegal setup was discovered during a routine check by power inspectors in the Pribaikalsky District. Before law enforcement could step in, two people suspected of operating the mining rig escaped in a vehicle.
Not the First Incident
This wasn’t an isolated case. Authorities report that this is the sixth time this year such theft has occurred in Buryatia. Due to frequent power shortages, crypto mining is banned in most parts of the region from November through March. Even when allowed, only approved companies can operate in designated areas.
Wider Energy and Security Impacts
Crypto mining operations run 24/7 and demand a steady flow of electricity. This constant use strains power networks, increases local energy costs, and can cause outages when grids can’t handle the load. Because of this, similar mining restrictions have been put in place in other regions, including Irkutsk and Dagestan.
Beyond electricity theft, crypto mining also has ties to cybercrime. Security researchers have reported that some hacking groups secretly install mining software on infected computers. These programs run quietly, often at night, using stolen power and system resources without the owner’s knowledge. They can also steal passwords and disable antivirus tools to remain undetected.
The Environmental Cost
Mining doesn’t just hurt power grids — it also affects the environment. Many mining operations use electricity from fossil fuels, which contributes to pollution and climate change. Although a study from the University of Cambridge found that over half of Bitcoin mining now uses cleaner sources like wind, nuclear, or hydro power, a significant portion still relies on coal and gas.
Some companies are working to make mining cleaner. For example, projects in Texas and Bhutan are using renewable energy to reduce the environmental impact. But the challenge remains, crypto mining’s hunger for energy has far-reaching consequences.
Further investigation by the US government revealed that these actors were working to steal money for the North Korean government and use the funds to run its government operations and its weapons program.
The US has imposed strict sanctions on North Korea, which restrict US companies from hiring North Korean nationals. It has led to threat actors making fake identities and using all kinds of tricks (such as VPNs) to obscure their real identities and locations. This is being done to avoid getting caught and get easily hired.
Recently, the threat actors have started using spoof tactics such as voice-changing tools and AI-generated documents to appear credible. In one incident, the scammers somehow used an individual residing in New Jersey, who set up shell companies to fool victims into believing they were paying a legitimate local business. The same individual also helped overseas partners to get recruited.
The clever campaign has now come to an end, as the US Department of Justice (DoJ) arrested and charged a US national called Zhenxing “Danny” Wanf with operating a “year-long” scam. The scheme earned over $5 million. The agency also arrested eight more people - six Chinese and two Taiwanese nationals. The arrested individuals are charged with money laundering, identity theft, hacking, sanctions violations, and conspiring to commit wire fraud.
In addition to getting paid in these jobs, which Microsoft says is a hefty payment, these individuals also get access to private organization data. They exploit this access by stealing sensitive information and blackmailing the company.
One of the largest and most infamous hacking gangs worldwide is the North Korean state-sponsored group, Lazarus. According to experts, the gang extorted billions of dollars from the Korean government through similar scams. The entire campaign is popular as “Operation DreamJob”.
"To disrupt this activity and protect our customers, we’ve suspended 3,000 known Microsoft consumer accounts (Outlook/Hotmail) created by North Korean IT workers," said Microsoft.
Last week, the International Criminal Court (ICC) announced that it had discovered a new advanced and targeted cybersecurity incident. Its response mechanism and prompt discovery helped to contain the attack.
The ICC did not provide details about the attackers’ intentions, any data leaks, or other compromises. According to the statement, the ICC, which is headquartered in The Hague, the Netherlands, is conducting a threat evaluation after the attack and taking measures to address any injuries. Details about the impact were not provided.
The constant support of nations that have ratified the Rome Statute helps the ICC in ensuring its capacity to enforce its mandate and commitment, a responsibility shared by all States Parties. “The Court considers it essential to inform the public and its States Parties about such incidents as well as efforts to address them, and calls for continued support in the face of such challenges,” ICC said.
The ICC was founded in 2002 through the Rome Statute, an international treaty, by a coalition of sovereign states, aimed to create an international court that would prosecute individuals for international crimes– war crimes, genocide, terrorism, and crimes against humanity. The ICC works as a separate body from the U.N. International Court of Justice, the latter brings cases against countries but not individuals.
In 2023, the ICC reported another cybersecurity incident. The attack was said to be an act of espionage and aimed at undermining the Court’s mandate. The incident had caused it to disconnect its system from the internet.
In the past, the ICC has said that it had experienced increased security concerns as threats against its various elected officials rose. “The evidence available thus far indicates a targeted and sophisticated attack with the objective of espionage. The attack can therefore be interpreted as a serious attempt to undermine the Court's mandate," ICC said.
The recent notable arrests issued by the ICC include Russian President Vladimir Putin and Israeli Prime Minister Benjamin Netanyahu.
Cybersecurity researchers are sounding the alarm over a fresh wave of cyberattacks now targeting insurance companies in the United States. This marks a concerning shift in focus by an active hacking group previously known for hitting retail firms in both the United Kingdom and the U.S.
The group, tracked by multiple cybersecurity teams, has been observed using sophisticated social engineering techniques to manipulate employees into giving up access. These tactics have been linked to earlier breaches at major companies and are now being detected in recent attacks on U.S.-based insurers.
According to threat analysts, the attackers tend to work one industry at a time, and all signs now suggest that insurance companies are their latest target. Industry experts stress that this sector must now be especially alert, particularly at points of contact like help desks and customer support centers, where attackers often try to deceive staff into resetting credentials or granting system access.
In just the past week, two U.S. insurance providers have reported cyber incidents. One of them identified unusual activity on its systems and disconnected parts of its network to contain the damage. Another confirmed experiencing disruptions traced back to suspicious network behavior, prompting swift action to protect data and systems. In both cases, full recovery efforts are still ongoing.
The hacking group behind these attacks is known for using clever psychological tricks rather than just technical methods. They often impersonate employees or use aggressive language to pressure staff into making security mistakes. After gaining entry, they may deploy harmful software like ransomware to lock up company data and demand payment.
Experts say that defending against such threats starts with stronger identity controls. This includes limiting access to critical systems, separating user accounts with different levels of privileges, and requiring strict verification before resetting passwords or registering new devices for multi-factor authentication (MFA).
Training staff to spot impersonation attempts is just as important. These attackers may use fake phone calls, messages, or emails that appear urgent or threatening to trick people into reacting without thinking. Awareness and skepticism are key defenses.
Authorities in other countries where similar attacks have taken place have also advised companies to double-check their security setups. Recommendations include enabling MFA wherever possible, keeping a close eye on login attempts—especially from unexpected locations—and reviewing how help desks confirm a caller’s identity before making account changes.
As cybercriminals continue to evolve their methods, experts emphasize that staying informed, alert, and proactive is essential. In industries like insurance, where sensitive personal and financial data is involved, even a single breach can lead to serious consequences for companies and their customers.
The FBI recently raised concerns about a large-scale cybercrime network that has quietly taken control of millions of smart gadgets used in homes across the United States. This cyber threat, known as BADBOX 2.0, targets everyday devices such as TV streaming boxes, digital projectors, tablets, and even entertainment systems in cars.
What is BADBOX 2.0?
Unlike common malware that slows down or damages devices, BADBOX 2.0 silently turns these gadgets into part of a hidden network called a residential proxy network. This setup allows cybercriminals to use the victim's internet connection to carry out illegal activities, including online advertising fraud and data theft, without the device owner realizing anything is wrong.
Which Devices Are at Risk?
According to the FBI, the types of devices most affected include:
1. TV streaming boxes
2. Digital projectors
3. Aftermarket car infotainment systems
4. Digital photo frames
Many of these products are imported, often sold under unfamiliar or generic brand names. Some specific models involved in these infections belong to device families known as TV98 and X96, which are still available for purchase on popular online shopping platforms.
How Does the Infection Spread?
There are two main ways these devices become part of the BADBOX 2.0 network:
Pre-installed Malware: Some gadgets are already infected before they are even sold. This happens when malicious software is added during the manufacturing or shipping process.
Dangerous App Downloads: When setting up these devices, users are sometimes directed to install apps from unofficial sources. These apps can secretly install harmful software that gives hackers remote access.
This method shows how BADBOX 2.0 has advanced from its earlier version, which focused mainly on malware hidden deep within the device's firmware.
Signs Your Device May Be Infected
Users should watch for warning signs such as:
• The device asks to disable security protections like Google Play Protect.
• The brand is unfamiliar or seems generic.
• The device promises free access to paid content.
• You are prompted to download apps from unknown stores.
• Unusual or unexplained internet activity appears on your home network.
How to Stay Safe
The FBI recommends several steps to protect your home network:
1. Only use trusted app stores, like Google Play or Apple’s App Store.
2. Be cautious with low-cost, no-name devices. Extremely cheap gadgets are often risky.
3. Monitor your network regularly for unfamiliar devices or strange internet traffic.
4. Keep devices updated by installing the latest security patches and software updates.
5. If you believe one of your devices may be compromised, it is best to disconnect it immediately from your network and report the issue to the FBI through their official site at www.ic3.gov.
6. Be Careful with Cheap Deals
As experts warn, extremely low prices can sometimes hide dangerous risks. If something seems unusually cheap, it could come with hidden cyber threats.
The government seized $7.7m in funds in 2023 that involved Sim Hyon Sop- a worker at the North Korean Foreign Trade Bank (FTB) who joined hands with IT workers to launder the money for Pyongyang.
According to the complaint, the North Korean IT workers escaped security via fraud IDs and tactics that hid their real location. The salaries were credited in stablecoins like USDT and USDC.
To launder the money, employees created accounts using fake IDs, transferred funds in small amounts to other blockchains (chain hopping), and/or converted them into other digital currencies (token swapping).
Scammers also bought non-fungible tokens (NFTs) and used US accounts to make their operations look real. Sim worked with Kim Sang Man, the CEO of the “Jinyong IT Cooperation Company,” who served as a middleman between the FTB and the IT workers.
According to the Justice Department’s National Security Division, North Korea, for years has “exploited global remote IT contracting and cryptocurrency ecosystems to evade US sanctions and bankroll its weapons programs.”
Department head Sue Bai said, “Today’s multimillion-dollar forfeiture action reflects the Department’s strategic focus on disrupting these illicit revenue schemes. We will continue to use every legal tool available to cut off the financial lifelines that sustain the DPRK and its destabilizing agenda.”
North Korean IT workers have been slithering their way into employment in US firms for many years. However, the advancement of these operations was exposed in 2024 when security expert KnowBe4 disclosed that even their organization was tricked into hiring an IT specialist from North Korea.
After that, Google has cautioned that US businesses remain a primary target and also warned that the threat actors have nor started focusing their operations at Europan firms. While few do normal work to get paid, there is also a concern that their organization access allows them to extract important data and use it for extortion.
Recently, a mysterious leaker exposed leaders behind Trickbot and Conti ransomware, hacking groups that are known for some of the biggest extortions in recent times.
Recently, The Register contacted an anonymous individual known by the alias GangExposed, who is on a personal mission to “fight against an organized society of criminals known worldwide”. GangExposed takes pleasure in thinking he can rid society of at least some of the cybercriminals. "I simply enjoy solving the most complex cases,” he said.
One of the criminals doxxed is Stern, the mastermind of Conti ransomware operations and TrickBot. GangExposed claims Stern is Vitaly Nikolaevich, CySecurity reported about this case recently.
After the doxxing of Stern, GangExposed went after another important criminal, AKA professor, who is a 39-year-old Russian called Vladimir Viktorovich Kvitko. He is living in Dubai. Apart from exposing important individuals, GangExposed also leaked videos, ransom negotiations, and chat logs.
The leaker said it was not an “IT guy,” it just observed patterns that other people missed.
"My toolkit includes classical intelligence analysis, logic, factual research, OSINT methodology, stylometry (I am a linguist and philologist), human psychology, and the ability to piece together puzzles that others don't even notice," the leaker said.
"I am a cosmopolitan with many homes but no permanent base — I move between countries as needed. My privacy standards are often stricter than most of my investigations' subjects."
To expose the IDs of infamous threat actors, GangExposed used information received via “semi-closed databases, darknet services,” and through purchases. It has “access to the leaked FSB border control database.” GangExposed claims it purchased the database from the dark web for $250,000.
GangExposed could have gotten at least $10 million in bounty from the FBI if it wanted to, but it has decided not to demand money. This suggests the leakers may be resentful of former members looking for revenge, while some experts think taking the bounty would make them criminal as well.
CySecurity had earlier reported on this incident, you can read the full story about the international crackdown on cybercrime gangs here.
The Federal Criminal Police of Journey “BKA” has claimed that Stern, the leader of TrickBot and Conti cybercrime gangs, is Vitaly Nikolaevich Kovalev, a 36-year-old Russian.
According to BKA, he is suspected of founding the ‘TrickBot’ group, aka ‘Wizard Spider. ' This was part of Operation Endgame, a collaborative global crackdown against malware infrastructure and hackers behind it. The gang used TrickBot and other malware, such as SystemBC, Bazarloader, Ryuk, Diavol, Conti, and IcedID.
According to Interpol, Kovalev is wanted in Germany. He is charged with being the mastermind of an unnamed criminal gang.
This is not the first time Kovalev has been charged with participating in a cybercrime organization. In 2023, he was one of seven Russians charged in the US for their connections to the Conti and TrickBot cybercrime gangs.
At that time, he was only charged as a senior member of the TrickBot gang using the aliases “Bergen,” “Ben,” “Bentley,” and “Alex Konor.”
The sanctions were announced after massive information leaks from Conti and TrickBot members called ContiLeaks and TrickLeaks.
Contileaks gave access to the gang’s inside conversations and source code, and TrickLeaks even leaked the identities, and personal information of TrickBot members, and online accounts on X (former Twitter).
These chats revealed that Kovalev aka “Stern” was heading the TriickBot operation and Conti and Ryuk ransomware groups. The chats revealed members asking Stern permission before launching attacks or getting lawyers for TrickBot members captured in the U.S.
The leaks led to a speedy crackdown on Conti, the gang members switching to other operations or forming new criminal groups such as BlackCat, LockBit, Royal, Black Basta, AvosLocker, Zeon, and DagonLocker.
BKA’s investigation revealed that the “TrickBot group consisted of more than 100 members. It works in an organized and hierarchically structured manner and is project and profit-oriented.”
BKA said that the “group is responsible for the infection of several hundred thousand systems in Germany and worldwide; through its illegal activities, it has obtained funds in the three-digit million range. Its victims include hospitals, public facilities, companies, public authorities, and private individuals."
Kovalev is in hiding and German police believe that he may be in Russia. The police have asked for any info that could lead to his arrest.
A major criminal network operating on the dark web has been disrupted in a large international operation led by the FBI. Over 270 individuals have been arrested for their involvement in the online trade of dangerous illegal drugs such as fentanyl, meth, and cocaine. This operation involved law enforcement teams from the United States, Europe, South America, and Asia.
What is the dark web?
The dark web is a hidden part of the internet that isn’t available through standard search engines or browsers. It requires special tools to access and is often used to hide users’ identities. While it can offer privacy to those in danger or under surveillance, it is also known for being a place where criminals carry out illegal activities — from drug dealing to selling stolen data and weapons.
What was Operation RapTor?
The FBI’s mission, called Operation RapTor, focused on stopping the sale of illegal drugs through online black markets. Authorities arrested hundreds of people connected to these sites — not just the sellers, but also the buyers, website managers, and people who handled the money.
One of the most alarming parts of this case was the amount of fentanyl recovered. Authorities seized more than 317 pounds of it. According to FBI estimates, just 2 pounds of fentanyl could potentially kill about 500,000 people. This shows how serious the danger was.
Why this matters
These drug sellers operated from behind screens, often believing they were untouchable because of the privacy the dark web provides. But investigators were able to find out who they were and stop them from doing more harm. According to FBI leaders, these criminals contributed to drug addiction and violence in many communities across the country.
Aaron Pinder, a key official in the FBI’s cybercrime unit, said the agency has improved at identifying people hiding behind dark web marketplaces. Whether someone is managing the site, selling drugs, moving money, or simply buying drugs, the FBI is now better equipped to track them down.
What’s next?
While this operation won’t shut down the dark web completely, it will definitely make a difference. Removing major players from the drug trade can slow down their operations and make it harder for others to take their place — at least for now.
This is a strong reminder that the dark web, no matter how hidden, is not out of reach for law enforcement. And efforts like these could help save many lives by cutting off the supply of deadly drugs.
A new report from IBM’s X-Force 2025 Threat Intelligence Index shows that cybercriminals are changing their tactics. Instead of mainly using ransomware to lock systems, more hackers are now trying to quietly steal login information. IBM studied over 150 billion security events each day from 130+ countries and found that infostealers, a type of malware sent through emails to steal data, rose by 84% in 2024 compared to 2023.
This change means that instead of damaging systems right away, attackers are sneaking into networks to steal passwords and other sensitive information. Mark Hughes, a cybersecurity leader at IBM, said attackers are finding ways into complex cloud systems without making a mess. He also advised businesses to stop relying on basic protection methods. Instead, companies should improve how they manage passwords, fix weaknesses in multi-factor authentication, and actively search for hidden threats before any damage happens.
Critical industries such as energy, healthcare, and transportation were the main targets in the past year. About 70% of the incidents IBM helped handle involved critical infrastructure. In around 25% of these cases, attackers got in by taking advantage of known flaws in systems that had not been fixed. Many hackers now prefer stealing important data instead of locking it with ransomware. Data theft was the method in 18% of cases, while encryption-based attacks made up only 11%.
The study also found that Asia and North America were attacked the most, together making up nearly 60% of global incidents. Asia alone saw 34% of the attacks, and North America had 24%. Manufacturing businesses remained the top industry targeted for the fourth year in a row because even short outages can seriously hurt their operations.
Emerging threats related to artificial intelligence (AI) were also discussed. No major attacks on AI systems happened in 2024, but experts found some early signs of possible risks. For example, a serious security gap was found in a software framework used to create AI agents. As AI technology spreads, hackers are likely to build new tools to attack these systems, making it very important to secure AI pipelines early.
Another major concern is the slow pace of fixing vulnerabilities in many companies. IBM found that many Red Hat Enterprise Linux users had not updated their systems properly, leaving them open to attacks. Also, ransomware groups like Akira, Lockbit, Clop, and RansomHub have evolved to target both Windows and Linux systems.
Lastly, phishing attacks that deliver infostealers increased by 180% in 2024 compared to the year before. Even though ransomware still accounted for 28% of malware cases, the overall number of ransomware incidents fell. Cybercriminals are clearly moving towards quieter methods that focus on stealing identities rather than locking down systems.