Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Crime. Show all posts
ransomware-as-a-service
Black Basta Ransomware Cyber Crime Cybercrime Investigation European law enforcement ransomware arrests ransomware-as-a-service

European Authorities Identify Black Basta Operatives, Add Alleged Ringleader to EU Most Wanted List

 

Law enforcement agencies in Ukraine and Germany have identified two Ukrainian nationals suspected of collaborating with the Russia-linked ransomware-as-a-service (RaaS) group known as Black Basta.

Authorities also confirmed that the group’s alleged leader, 35-year-old Russian citizen Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич), has been placed on both the European Union’s Most Wanted list and INTERPOL’s Red Notice database.

"According to the investigation, the suspects specialized in technical hacking of protected systems and were involved in preparing cyberattacks using ransomware," Ukraine’s Cyber Police said in an official statement.

Investigators revealed that the two suspects allegedly operated as “hash crackers,” focusing on extracting passwords from secured systems using specialized tools. Once credentials were obtained, other members of the ransomware operation infiltrated corporate networks, deployed ransomware, and demanded payment in exchange for restoring access to encrypted data.

Search operations carried out at the suspects’ homes in Ivano-Frankivsk and Lviv resulted in the seizure of digital storage devices and cryptocurrency holdings, authorities said.

Active since April 2022, Black Basta has reportedly attacked more than 500 organizations across North America, Europe, and Australia. The ransomware group is believed to have generated hundreds of millions of dollars in cryptocurrency through extortion payments.

In early 2025, a cache of internal Black Basta chat logs spanning roughly a year surfaced online. The leaked material provided rare insight into the group’s hierarchy, internal communications, key participants, and the security flaws they exploited to gain initial access to victim networks.

Those leaks identified Nefedov as the central figure behind Black Basta, noting that he operated under multiple aliases including Tramp, Trump, GG, and AA. Additional documents alleged that he maintained links with senior Russian political figures and intelligence services, including the FSB and GRU.

Investigators believe Nefedov used these alleged connections to shield his activities and avoid prosecution. Analysis by Trellix later indicated that despite being arrested in Yerevan, Armenia, in June 2024, Nefedov managed to secure his release. Other aliases attributed to him include kurva, Washingt0n, and S.Jimmi. While he is believed to be residing in Russia, his precise location remains unknown.

Further intelligence has linked Nefedov to Conti, the now-defunct ransomware group that emerged in 2020 as a successor to Ryuk. In August 2022, the U.S. State Department announced a $10 million reward for information leading to five individuals associated with Conti, including Target, Tramp, Dandis, Professor, and Reshaev.

Black Basta emerged as an independent operation following the Conti brand’s shutdown in 2022, alongside groups such as BlackByte and KaraKurt. Former Conti affiliates also dispersed to other ransomware operations including BlackCat, Hive, AvosLocker, and HelloKitty, many of which have since ceased activity.

A separate report released this week by Analyst1 highlighted Black Basta’s heavy reliance on Media Land, a bulletproof hosting provider sanctioned by the U.S., U.K., and Australia in November 2025, along with its general director Aleksandr Volosovik, also known as Yalishanda. Despite the sanctions, the group allegedly received preferential, VIP-level service.

"[Nefedov] served as the head of the group. As such, he decided who or which organisations would be the targets of attacks, recruited members, assigned them tasks, took part in ransom negotiations, managed the ransom obtained by extortion, and used it to pay the members of the group," Germany’s Federal Criminal Police Office (BKA or Bundeskriminalamt) stated.

Following the leaks, Black Basta appears to have ceased operations. The group has remained inactive since February and dismantled its data leak site later that month. However, cybersecurity experts caution that ransomware groups often dissolve only to reappear under new identities.

Reports from ReliaQuest and Trend Micro suggest that several former Black Basta affiliates may have transitioned to the CACTUS ransomware operation. This theory is supported by a sharp increase in victims listed on CACTUS’ leak site in February 2025, coinciding with Black Basta’s disappearance.
Read more »
Spain
Black Axe Gang Cyber Crime Europe Europol Germany Spain

Europol Cracks Down Gang Responsible for Cyber Crime Worth Billions


Europol’s joint operation to crackdown international gang

Europol recently arrested 34 people in Spain who are alleged to have a role in a global criminal gang called Black Axe. The operation was conducted by Spanish National Police and Bavarian State Criminal Police Office and Europol. 

Twenty eight individuals were arrested in Seville, three in Madrid and two in Malaga, and the last one in Barcelona. Among the 34 suspects, 10 individuals are from Nigeria. 

“The action resulted in 34 arrests and significant disruptions to the group's activities. Black Axe is a highly structured, hierarchical group with its origins in Nigeria and a global presence in dozens of countries,” Europol said in a press release on its website. 

About Black Axe 

Black Axe is infamous for its role in various cyber crimes like frauds, human trafficking, prostitution, drug trafficking, armed robbery, kidnapping, and malicious spiritual activities. The gang annually earns roughly billions of euros via these operations that have a massive impact. 

Officials suspect that Black Axe is responsible for fraud worth over 5.94 million euros. During the operation, the investigating agencies froze 119352 euros in bank accounts and seized 66403 euros in cash during home searches. 

The crackdown 

Germany and Spain's cross-border cooperation includes the deployment of two German officers on the scene on the day of action, the exchange of intelligence, and the provision of analytical support to Spanish investigators. 

The core group of the organized crime network, which recruits money mules in underprivileged communities with high unemployment rates, was the objective of the operation. The majority of these susceptible people are of Spanish nationality and are used to support the illegal activities of the network.

Europol's key role

Europol provided a variety of services to help this operation, such as intelligence analysis, a data sprint in Madrid, and on-the-spot assistance. Mapping the organization's structure across nations, centralizing data, exchanging important intelligence packages, and assisting with coordinated national investigations have all been made possible by Europol. 

In order to solve the problems caused by the group's scattered little cases, cross-border activities, and the blurring of crimes into "ordinary" local offenses, this strategy seeks to disrupt the group's operations and recover assets.



Read more »
web3adspanels takedown
bank account hacking cackdown Cyber Crime SEO poisoning attacks US cybercrime c web3adspanels takedown

US Shuts Down Web3AdspAnels Platform Used in Large-Scale Bank Account Cyber Thefts

 

US authorities have taken down an online platform allegedly used by cybercriminals to gain unauthorized access to Americans’ bank accounts.

Visitors attempting to access web3adspanels.org are now met with a law enforcement seizure notice. Investigators say the site played a key role in SEO poisoning operations that targeted individuals by stealing their online banking credentials.

According to officials, criminals paid for premium placements on search engines, directing users to websites that appeared to belong to legitimate banks but were actually fraudulent. Unsuspecting users entered their login details, which were secretly captured and stored, while access to their real bank accounts never occurred.

The Justice Department explained that web3adspanels.org functioned as a centralized platform where stolen credentials could be stored, modified, and later used to attempt unauthorized access to bank accounts and initiate illegal money transfers. An FBI affidavit notes that at least 19 victims—including two businesses—across the US have been identified in connection with this specific scheme, though authorities believe it represents only a fraction of the broader account takeover issue.

Prosecutors linked approximately $28 million in attempted fraudulent transfers to the platform, with confirmed losses estimated at $14.6 million.

More broadly, the FBI’s Internet Crime Complaint Center (IC3) reported receiving over 5,100 similar complaints since the beginning of the year, with total reported losses exceeding $262 million.

While announcing the takedown, the Justice Department did not explain how attackers were able to bypass stronger security measures such as multi-factor authentication (MFA). The IC3 also did not clarify this point in an advisory issued last month. However, authorities noted that such campaigns frequently rely on social engineering rather than simple phishing, persuading victims to voluntarily share their credentials and, critically, their MFA codes or one-time passwords.

Once access is obtained, cybercriminals typically move funds into accounts they control and then convert the money into cryptocurrencies, a tactic that complicates tracking across blockchain networks. In many cases, attackers also change victims’ banking passwords, effectively locking them out of their own accounts, the FBI said.

IC3 data shows that losses tied to electronic crime have steadily increased since 2020, with cyber-enabled fraud accounting for 83 percent of the total $16.6 billion in reported losses in 2024.
Read more »
Ransomware
AI Cloud Cyber Crime Data Extortion Internet Ransomware

Former Cybersecurity Employees Involved in Ransomware Extortion Incidents Worth Millions


It is very unfortunate and shameful for the cybersecurity industry, when cybersecurity professionals themselves betray trust to launch cyberattacks against their own country. In a shocking incident, two men have admitted to working normal jobs as cybersecurity professionals during the day, while moonlighting as cyber attackers.

About accused

An ex-employee of the Israeli cybersecurity company Sygnia has pleaded guilty to federal crimes in the US for having involvement in ransomware cyberattacks aimed to extort millions of dollars from firms in the US. 

The culprit, Ryan Clifford Goldberg, worked as a cyber incident response supervisor at Sygnia, and accepted that he was involved in a year-long plan of attacking business around the US. 

Kevin Tyler Martin, another associate,who worked as an ex DigitalMint employee, worked as a negotiation intermediary with the threat actors, a role supposed to help ransomware targets, has also accepted involvement. 

The situation is particularly disturbing because both men held positions of trust inside the sector established to fight against such threats.

Accused pled guilty to extortion charges 

Both the accused have pleaded guilty to one count of conspiracy to manipulate commerce via extortion, according to federal court records. In the plea statement, they have accepted that along with a third actor (not charged and unknown), they both launched business compromises and ransom extortions over many years. 

Extortion worth millions 

In one incident, the actors successfully extorted over $1 million in crypto from a Florida based medical equipment firm. According to the federal court, besides their legitimate work, they deployed software ‘ALPHV BlackCat’ to extract and encode target’s data, and distributed the extortion money with the software’s developers. 

According to DigitalMint, two of the people who were charged were ex-employees. After the incident, both were fired and “acted wholly outside the scope of their employment and without any authorization, knowledge or involvement from the company,” DigitalMint said in an email shared with Bloomberg.

In a recent conversation with Bloomberg, Sygnia mentioned that it was not a target of the investigation and the accused Goldberg was relieved of his duties as soon as the news became known.

A representative for Sygnia declined to speak further, and Goldberg and Martin's lawyers also declined to comment on the report.

Read more »
Taiwan Bitcoin
Criminal Assets Cyber Crime Government Holdings Seized Crypto Taiwan Bitcoin

Taiwan Holds 210 BTC Seized from Criminals, Debates Bitcoin's Strategic Value

 

Taiwan’s government said it is holding more than 210.45 bitcoin, worth about $18 million, all of which were seized during criminal investigations related to fraud, money laundering, and other financial crime. This disclosure was in response to a legislator’s demand for information on the state’s digital asset balance, exposing Taiwan as the 10th largest government holder of bitcoin in the world. 

The value of the seized digital assets has amounted to nearly 1.3 billion NTD (about $41 million), including those in stablecoins and other cryptocurrencies. Taiwan’s stash of bitcoin is entirely the byproduct of law enforcement seizures, not strategic investing, and officials emphasise that these are funds gleaned from fighting cybercrime and financial misfeasance. 

In addition to bitcoin, the Taiwanese government also holds considerable amounts of stablecoins like USDT and USDC, as well as over 2,400 ethereum coins and smaller amounts of other digital tokens. Officials are seeking to standardize the storage, tracking and reporting of such assets systemwide so the media can be assured of transparency and security. 

The fate of the seized bitcoin remains undecided. Usually the practice is to auction the confiscated assets, and the proceeds are poured into the public coffers, but legislators have begun debating whether to categorize bitcoin as a strategic commodity. Some feel virtual assets are not just speculative commodities but could have a role in national security or financial sovereignty. 

Taiwan’s central bank has reportedly agreed to conduct a more detailed study of bitcoin, including potential regulatory schemes and experiments involving confiscated funds. It seems the acquisition of a long-term strategy would require legislative and regulatory guidance, an indication of the increasing relevance of digital assets as a matter of public policy and finance. 

Worldwide, over 640,000 BTC, which accounts for around 3% of all bitcoin supply, are held by governments, with the United States holding the largest amount, followed by China and the UK.Taiwan’s position highlights the expanding role of cryptocurrencies in law enforcement and national asset management.
Read more »
Scams
Cyber Crime Hacking IT information Korean Air Scams

Korean Air Confirms Employee Data Leak Linked to Third-Party Breach

 



Korean Air has confirmed that personal information belonging to thousands of its employees was exposed following a cyber incident at Korean Air Catering and Duty-Free, commonly referred to as KC&D. The company disclosed the issue after receiving notification from KC&D that its internal systems had been compromised by an external cyberattack.

KC&D, which provides in-flight meals and duty-free sales services, was separated from Korean Air in 2020 and now operates as an independent entity. Despite this separation, KC&D continued to store certain employee records belonging to Korean Air, which were housed on its enterprise resource planning system. According to internal communications, the exposed data includes employee names and bank account numbers. Korean Air estimates that information related to approximately 30,000 employees may have been affected.

The airline clarified that the incident did not involve passenger or customer data. Korean Air stated that, based on current findings, the breach was limited strictly to employee information stored within KC&D’s systems.

In an internal notice circulated to staff, Korean Air acknowledged that while the breach occurred outside its direct operational control, it is treating the situation with seriousness due to the sensitivity of the information involved. The company noted that it only became aware of the incident after KC&D formally disclosed the breach.

Following the notification, Korean Air said it immediately initiated emergency security measures and reported the matter to relevant authorities. The airline is actively working to determine the full extent of the exposure and identify all affected individuals. Employees have been advised to remain cautious of unexpected messages or unusual financial activity, as exposed personal information can increase the risk of scams and identity misuse.

Korean Air leadership reassured staff that there is currently no evidence suggesting further leakage of employee data beyond what has already been identified. The company also stated that it plans to conduct a comprehensive review of its data protection and security arrangements with external partners to prevent similar incidents in the future.

Although Korean Air has not officially attributed the attack to any specific group, a ransomware operation has publicly claimed responsibility for breaching KC&D’s systems. This claim has not been independently verified by Korean Air. Cybersecurity analysts have noted that the same group has been linked to previous attacks exploiting vulnerabilities in widely used enterprise software, often targeting third-party vendors as an entry point.

Ransomware groups typically operate by stealing sensitive data and threatening public disclosure to pressure victims. Such attacks increasingly focus on supply-chain targets, where indirect access can yield large volumes of data with fewer security barriers.

Korean Air stated that investigations are ongoing and that it will continue cooperating with authorities. The airline added that further updates and support will be provided to employees as more information becomes available.

Read more »
Ransomware
BlackCat Cyber Crime Insider Threat Plea Guilty Ransomware

Ex-Cybersecurity Pros Plead Guilty in $9.5M Ransomware Spree

 

Former incident responders Ryan Clifford Goldberg and Kevin Tyler Martin have pleaded guilty to participating in a series of ransomware attacks while working at cybersecurity firms tasked with helping organizations recover from such incidents. The case highlights a rare instance of trusted professionals abusing their positions to commit cybercrime, causing significant damage to multiple organizations in 2023.

Goldberg, formerly a manager of incident response at Sygnia, and Martin, a ransomware negotiator at DigitalMint, collaborated with an unnamed co-conspirator to carry out ransomware attacks using the ALPHV (BlackCat) ransomware variant. According to federal court records, the total losses caused by their actions exceeded $9.5 million. The attacks targeted a medical company in Florida, a pharmaceutical firm in Maryland, a California doctor’s office, an engineering company in California, and a drone manufacturer in Virginia. 

The indictment revealed that the trio received nearly $1.3 million in ransom payments from the Florida medical company in May 2023, but were unable to extort payments from the other victims. The ALPHV/BlackCat ransomware, first identified in late 2021, has been linked to numerous attacks on critical infrastructure providers, including the high-profile breach of UnitedHealth Group’s subsidiary Change Healthcare in 2024.

Goldberg and Martin each pleaded guilty to one count of conspiracy to interfere with interstate commerce by extortion, which reduces their maximum penalty from 50 years to 20 years in federal prison. As part of their plea agreements, both defendants are ordered to forfeit $342,000, representing the value of proceeds traced to their crimes. The court may also impose fines of up to $250,000 and additional restitution. 

A spokesperson for DigitalMint stated that the company cooperated fully with the Justice Department and supports the outcome as a step toward accountability. “His behavior is a clear violation of our values and ethical standards,” the spokesperson said, emphasizing that Martin’s actions were undertaken without the company’s knowledge or involvement. Sygnia did not immediately respond to requests for comment. 

Prosecutors noted that Goldberg and Martin abused their positions of trust and used their specialized skills to facilitate and conceal their crimes. Officials have indicated that they will recommend reduced sentences if both defendants make full, accurate, and complete disclosures of their offenses and refrain from committing further crimes.
Read more »
Scam Recovery
Cyber Crime Digital Arrest fraud prevention Karnataka Police Online fraud Scam Recovery

Karnataka’s Cybercrime Losses Soar as Scam Recoveries Plunge

 

Recoveries in Karnataka's cybercrime prosecutions are falling even as authorities ramp up specialized policing capability, reflecting how criminals are changing tactics faster than enforcement can counteract. Data from the State Legislature show that citizens lost ₹5,473.97 crore in 57,733 incidents of cybercrime over the last three years, with recoveries amounting to only approximately 11.5% of the total value, underlining the fraught nature of tracking and refunding monies once they leave a victim's account.

The Home Minister, G. Parameshwara, told the Legislature that Karnataka has risen to meet this challenge by forming focused cybercrime capacity with a total of 43 Cybercrime Economic and Narcotics (CEN) police stations around the state, along with a cyber command centre. Senior leadership has also been appointed at the state level to drive cyber investigations, which will further accelerate response times, ensure better coordination with banking institutions, and enhance technical capabilities. 

Notwithstanding these efforts, the minister acknowledged a critical gap: while the number of cases reported in 2025 (up to November 15) has declined, “there has been no significant difference in the money lost,” which suggests that the incidents are fewer but larger and better organized. Annual figures mirror both the scale of losses and the recovery challenge: in 2023, losses stood at ₹873 crore with ₹177 crore recovered; in 2024, losses jumped to ₹2,562 crore with ₹323 crore recovered; and in 2025, up to November 15, losses have been ₹2,038 crore, of which ₹127 crore has so far been recovered. 

According to investigators, the reason behind the decline in the number of recoveries is due to a shift in the way scammers operate—the rapid transfer of money from a network of accounts across international borders, making it difficult for law enforcement and banks to recover these amounts. At the same time, law enforcement agencies have also pointed out a shift in the type of fraud. For instance, “digital arrest” and stock investment fraud may take several hours or even days to commit. 

During the discussion in the House, the need for speed in reporting incidents is clearly highlighted. In the discussion, one legislator cited the risk that waiting to register the complaint can equate to the loss of those “crucial moments” necessary to halt the transaction transfers.
Read more »
Telegram
cryptocurrency Cyber Crime Dark Web Scams Telegram

Telegram-Based Crypto Scam Networks Are Now Larger Than Any Dark Web Market in History

 



For years, illegal online marketplaces were closely linked to the dark web. These platforms relied on privacy-focused browsers and early cryptocurrencies to sell drugs, weapons, stolen data, and hacking tools while remaining hidden from authorities. At the time, their technical complexity made them difficult to track and dismantle.

That model has now changed drastically. In 2025, some of the largest illegal crypto markets in history are operating openly on Telegram, a mainstream messaging application. According to blockchain intelligence researchers, these platforms no longer depend on sophisticated anonymity tools. Instead, they rely on encrypted chats, repeated channel relaunches after bans, and communication primarily in Chinese.

Analysis shows that Chinese-language scam-focused marketplaces on Telegram have reached an unprecedented scale. While enforcement actions earlier this year temporarily disrupted a few major platforms, activity quickly recovered through successor markets. Two of the largest currently active groups are collectively processing close to two billion dollars in cryptocurrency transactions every month.

These marketplaces function as service hubs for organized scam networks. They provide money-laundering services, sell stolen personal and financial data, host fake investment websites, and offer digital tools designed to assist fraud, including automated impersonation technologies. Researchers have also flagged listings that suggest serious human exploitation, adding to concerns about the broader harm linked to these platforms.

Their rapid growth is closely connected to large-scale crypto investment and romance scams. In these schemes, victims are gradually manipulated into transferring increasing amounts of money to fraudulent platforms. Law enforcement estimates indicate that such scams generate billions of dollars annually, making them the most financially damaging form of cybercrime. Many of these operations are reportedly run from facilities in parts of Southeast Asia where trafficked individuals are forced to carry out fraud under coercive conditions.

Compared with earlier dark web marketplaces, the difference in scale is striking. Previous platforms processed a few billion dollars over several years. By contrast, one major Telegram-based marketplace alone handled tens of billions of dollars in transactions between 2021 and 2025, making it the largest illicit online market ever documented.

Telegram has taken limited enforcement action, removing some large channels following regulatory scrutiny. However, replacement markets have repeatedly emerged, often absorbing users and transaction volumes from banned groups. Public statements from the platform indicate resistance to broad bans, citing privacy concerns and financial freedom for users.

Cryptocurrency infrastructure also plays a critical role in sustaining these markets. Most transactions rely on stablecoins, which allow fast transfers without exposure to price volatility. Analysts note that Tether is the primary stablecoin used across these platforms. Unlike decentralized cryptocurrencies, Tether is issued by a centralized company with the technical ability to freeze funds linked to criminal activity. Despite this capability, researchers observe that large volumes of illicit transactions continue to flow through these markets with limited disruption. Requests for comment sent to Tether regarding its role in these transactions did not receive a response at the time of publication.

Cybercrime experts warn that weak enforcement, fragmented regulation, and inconsistent platform accountability have created conditions where large-scale fraud operates openly. Without coordinated intervention, these markets are expected to continue expanding, increasing risks to users and the global digital economy.



Read more »
web domain seizure
bank account takeover Cyber Crime CyberCrime Fraud fraudulent ads US Justice Department web domain seizure

US Justice Department Seizes Web Domain Linked to Large-Scale Bank Account Takeover Fraud

 

The U.S. Justice Department (DoJ) on Monday revealed that it has taken control of a web domain and its associated database that were allegedly used to support a criminal operation aimed at defrauding Americans through bank account takeover fraud.

Authorities identified the seized domain, web3adspanels[.]org, as a backend control panel that enabled cybercriminals to store, manage, and exploit unlawfully obtained online banking credentials. Visitors attempting to access the site now encounter a seizure notice stating that the takedown was part of a coordinated international law enforcement effort involving officials from the United States and Estonia.

"The criminal group perpetrating the bank account takeover fraud delivered fraudulent advertisements through search engines, including Google and Bing," the DoJ said. "These fraudulent advertisements imitate the sponsored search engine advertisements used by legitimate banking entities."

According to investigators, the deceptive ads redirected users to counterfeit banking websites controlled by the attackers. These fake portals were embedded with malicious software that captured login details entered by unsuspecting victims. The stolen credentials were then used to access real bank accounts, allowing the criminals to seize control and siphon off funds.

So far, the fraud scheme is believed to have impacted 19 victims across the United States, including two businesses located in the Northern District of Georgia. Officials estimate attempted financial losses of around $28 million, with confirmed losses reaching approximately $14.6 million.

The DoJ further noted that the seized domain contained banking login data belonging to thousands of victims and continued to function as an operational backend for account takeover fraud as recently as last month.

Separately, data from the U.S. Federal Bureau of Investigation (FBI) indicates a sharp rise in such incidents. Since January 2025, the Internet Crime Complaint Center (IC3) has logged more than 5,100 complaints related to bank account takeover fraud, with total reported losses exceeding $262 million.

Law enforcement agencies are urging the public to remain cautious when sharing personal information online or on social media. Users should regularly review bank statements for unusual activity, use strong and unique passwords, carefully verify banking website URLs before logging in, and remain alert to phishing attempts or suspicious calls.

Read more »
Ransomware
Cyber Crime Data Extortion Encryption Files RansomHouse Ransomware

RansomHouse Develops More Complex Encryption for Recent Attacks

 


The ransomware group known as RansomHouse has recently enhanced the encryption mechanism used in its attacks, moving away from a basic, single-step process to a more advanced, multi-layered approach. This change reflects a deliberate effort to strengthen the effectiveness of its ransomware operations.

Earlier versions of the encryptor relied on a linear method, where data was transformed in one continuous pass. The updated version introduces multiple stages of processing, which results in stronger encryption, improved execution speed, and greater stability across modern systems. These improvements increase the pressure on victims by making encrypted data harder to recover and negotiations more favorable for attackers after systems are locked.

RansomHouse first appeared in late 2021 as a cybercrime group focused on data extortion, where stolen information was used as leverage rather than encryption alone. Over time, the group expanded its tactics and began deploying ransomware encryptors during attacks. It also developed an automated tool, known as MrAgent, designed to simultaneously encrypt multiple VMware ESXi hypervisors, a technique that allows attackers to disrupt large virtualized environments efficiently.

In more recent activity, security analysts observed RansomHouse using more than one ransomware strain during attacks on a major Japanese e-commerce company. This suggests a flexible operational strategy rather than reliance on a single malware family.

Further insight into the group’s evolving capabilities comes from a new analysis by cybersecurity researchers, who examined RansomHouse’s latest encryptor, internally referred to as “Mario.” This version introduces a two-stage data transformation process that relies on two different encryption keys: one substantially longer than the other. Using multiple keys increases the randomness of the encrypted output, making partial file recovery or reconstruction far more challenging.

The updated encryptor also changes how files are handled during the encryption process. Instead of treating all files the same way, it adjusts its behavior based on file size. Large files are processed in dynamically sized chunks, with encryption applied intermittently rather than continuously. This irregular pattern makes the malware harder to analyze because it avoids predictable processing behavior.

Researchers also noted improvements in how the encryptor manages memory. The newer version separates tasks across multiple buffers, with each buffer assigned a specific role during encryption. This design increases operational complexity and reduces inefficiencies found in earlier variants.

Another visible change is the amount of internal information displayed during file processing. Unlike older versions, which only indicated when encryption was complete, the new encryptor provides more detailed status output as it operates.

Despite these changes, the ransomware continues to focus on virtual machine-related files, renaming encrypted data with a new extension and placing ransom instructions across affected directories.

Security researchers caution that these upgrades indicate a troubling direction in ransomware development. While RansomHouse does not carry out attacks at the scale of larger ransomware groups, its continued investment in advanced encryption techniques points to a strategy centered on precision, resilience, and evasion rather than volume.

Read more »
Ransomware
Cyber Crime CyberCrime Data Fraud India NCRB Ransomware

India Witnesses Sharp Surge in Cybercrime, Fraud Dominates NCRB 2023 Report

 

The cybercrime landscape in India has witnessed a drastic increase with NCRB data indicating cases jacking up from above 52,000 in 2021 to over 86,000 by 2023 led by fraud and online financial crime. Concurrently, threat intelligence shows that India is now a high‑risk ransomware and dark‑web ecosystem within the Asia‑Pacific region. 

NCRB data and growth trend 

The report suggests that NCRB’s “Crime in India” figures show an alarming and persistent increase in reported cybercrimes, increasing from just above 52,000 cases in 2021 to beyond 86,000 cases by 2023, owing to increased digitization, online payments and use of mobile internet. This is a 31.2% year-on-year increase between 2022 and 2023 alone and the country’s cybercrime rate has increased from 4.8 to 6.2 cases per lakh population. 

Fraud is the most prevalent motive, making up almost 69% of all cybercrime incidents in 2023, followed by sexual exploitation, and extortion, highlighting that attackers mainly prey on financial and personal vulnerabilities. States such as Karnataka, Telangana and Uttar Pradesh account for a large number of cases, reflecting higher IT penetration, urbanisation and digital adoption.

Ransomware and dark-web activity

Beyond the raw figures of the NCRB, the report places India among an Asia‑Pacific threat map of sorts, drawing upon the Cyble Monthly Threat Landscape Report for July 2025, to show that India is still among the key targets for operators of ransomware. It cited the Warlock ransomware group for targeting an India-based manufacturing firm, exfiltrating HR, financial, and design data, which was then used for extortion and exposure.

The report also notes dark‑web listings advertising unauthorized access to an Indian telecom network for around US$35,000, including credentials and critical operational details, highlighting the commoditization of network breaches. Regionally, Thailand, Japan, and Singapore each recorded six ransomware victims in the observed period, with India and the Philippines close behind, and manufacturing, government, and critical infrastructure sectors bearing the brunt of attacks. 

Additionally, South Asia is experiencing ideologically driven attacks, exemplified by the pro‑India Team Pelican Hackers, which claimed breaches of major Pakistani research and academic institutions. These campaigns blur the line between classic cybercrime and geopolitical conflict, indicating that Indian networks face both profit‑motivated and politically motivated breachs.
Read more »
Virtual Kidnapping
Cyber Crime FBI Hacking Scammers Sensitive Information Virtual Kidnapping

FBI Alerts Public about Scammers Using Altered Online Photos to Stage Fake Kidnappings

 



The Federal Bureau of Investigation has issued a new advisory warning people about a growing extortion tactic in which criminals take photos posted online, manipulate them, and present the edited images as supposed evidence during fake kidnapping attempts. The agency reports that these incidents, often described as virtual kidnappings, are designed to panic the target into paying quickly before verifying the claims.


How the scam begins

The operation usually starts when criminals search social media accounts or any platform where people share personal photos publicly. They collect pictures of individuals, including children, teenagers, and adults, and then edit those images to make it appear as though the person is being held against their will. Scammers may change facial expressions, blur backgrounds, add shadows, or alter body positions to create a sense of danger.

Once they prepare these altered images, they contact a relative or friend of the person in the photo. In most cases, they send a sudden text or place a call claiming a loved one has been kidnapped. The message is crafted to create immediate panic and often includes threats of harm if payment is not made right away.


The role of fake “proof of life”

One recurring tactic is the use of emotionally charged photos or short video clips that appear to show the victim in distress. These materials are presented as proof that the kidnapping is real. However, investigators have observed that the content often contains mistakes that reveal it has been edited. The inconsistencies can range from missing tattoos or scars to unnatural lighting, distorted facial proportions, or visual elements that do not match known photos of the person.

Criminals also try to limit the victim’s ability to examine the images closely. Some use disappearing messages or apps that make screenshots difficult. Others send messages in rapid succession to prevent the victim from taking a moment to reach out to the supposed abducted individual.


Why these scams escalate quickly

Scammers depend on speed and emotional intensity. They frequently insist that any delay will lead to harm, which pressures victims to make decisions without checking whether their loved one is actually safe. In some situations, criminals exploit posts about missing persons by inserting themselves into ongoing searches and providing false updates.

The FBI urges people to be mindful of the information they share online, especially when it involves personal photos, travel details, or locations. The agency recommends that families set up a private code word that can be used during emergencies to confirm identity. Individuals should avoid sharing personal information with unknown callers or strangers while traveling.

If someone receives a threatening call or message, the FBI advises them to stay calm and attempt to contact the alleged victim directly through verified communication channels. People should record or capture any messages, screenshots, phone numbers, images, or audio clips connected to the incident. These materials can help law enforcement determine whether the event is a hoax.

Anyone who believes they have been targeted by a virtual kidnapping attempt is encouraged to submit a report to the FBI’s Internet Crime Complaint Center at IC3.gov. The agency requests detailed information, including phone numbers used by the scammer, payment instructions, message transcripts, and any photos or videos that were provided as supposed evidence.





Read more »
violence-as-a-service
Cyber Crime Europol arrests OTF GRIMM operation teen crime recruitment violence-as-a-service

Europol’s OTF GRIMM Arrests Nearly 200 in Crackdown on “Violence-as-a-Service” Crime Networks

 

Nearly 200 people — including several minors linked to murder attempts — have been taken into custody over the past six months under Europol’s Operational Taskforce (OTF) GRIMM. The initiative focuses on dismantling what authorities describe as “violence-as-a-service” networks, where criminal groups lure young people online to execute contract killings and other violent attacks.

According to Europol, "These individuals are groomed or coerced into committing a range of violent crimes, from acts of intimidation and torture to murder," the agency said on Monday.

Launched in April, OTF GRIMM brings together specialists from Belgium, Denmark, Finland, France, Germany, Iceland, the Netherlands, Norway, Spain, Sweden, the UK, and Europol, alongside several online platforms.

In its first half-year, the taskforce reported arresting 63 suspects accused of planning or committing violent offenses, 40 individuals believed to be “enablers” of violence-for-hire operations, 84 recruiters, and six alleged “instigators.” Five of these instigators have been identified by investigators as “high-value targets.” Among those apprehended were three individuals in Sweden and Germany suspected of fatally shooting three victims on March 28 in Oosterhout, the Netherlands.

Authorities also detained two more suspects, aged 26 and 27, in the Netherlands in October for allegedly attempting a murder in Tamm, Germany, on May 12.

On July 1, Spanish police arrested six people — one of them a minor — who were allegedly plotting a murder. Firearms and ammunition were recovered, and investigators believe the operation prevented a “potential tragedy.”

In Denmark, seven individuals aged between 14 and 26 were either arrested or voluntarily surrendered in June. They are accused of using encrypted messaging platforms to recruit teenagers for contract killings.

These cases arise amid what cybersecurity experts describe as a significant rise in Europe-based cybercrime operations that spill into real-world violence. One of the most notable examples occurred in January, when Ledger co-founder David Balland and his wife, Amandine, were kidnapped in Vierzon, France. During the ordeal, their captors severed Balland’s finger while demanding ransom from another Ledger co-founder; the details of the ransom request have not been publicly disclosed.

Many suspects involved in violence-for-hire schemes have been linked to The Com — an informal group of English-speaking hackers, SIM swappers, and extortionists operating across several overlapping criminal networks. The organization’s influence has expanded internationally, prompting the FBI to issue a recent warning.

According to the bureau, a faction known as In Real Life (IRL) Com poses an increasing danger to young people in the U.S. The FBI’s alert highlighted IRL Com groups offering swatting services — incidents in which criminals file fake reports of shootings or bomb threats to provoke armed police responses at victims’ homes.
Read more »
Portugal
Cyber Crime CyberCrime cybercrime law Portugal

Portugal Updates Cybercrime Law To Protect Good-Faith Security Researchers

 

Portugal has updated its cybercrime law to offer legal protection to security researchers who probe systems in good faith and report vulnerabilities responsibly. The change creates a legal safe harbor for ethical hacking, turning what was previously classified as illegal access or data interception into a non-punishable act when strict conditions are met. The new provision appears in Article 8.o-A under the title "Acts not punishable due to public interest in cybersecurity." 

It states that hacking activities aimed at finding vulnerabilities and improving cybersecurity will not lead to criminal charges if several requirements are followed. To qualify for legal protection, researchers must act only to identify weaknesses that they did not introduce and must not seek financial reward beyond normal professional compensation. They must report the issue immediately to the system owner, any relevant data controller and the Portuguese cybersecurity authority CNCS. 

The law also requires that actions remain limited to what is necessary for detection. Researchers cannot disrupt services, modify data, steal information or cause damage. Personal data protected under GDPR must not be processed illegally, and banned techniques such as DDoS attacks, phishing, malware deployment and social engineering are not allowed. 

Any sensitive data accessed during testing must be kept confidential and deleted within 10 days after the vulnerability is fixed. Acts carried out with the explicit consent of the system owner are also exempt from punishment, but vulnerabilities discovered during the process must still be reported to the CNCS. Cybersecurity professionals view the change as an important step toward separating responsible research from criminal activity. 

The law provides clarity on what is allowed while giving ethical hackers the legal protection they have long requested. Portugal joins a growing number of countries adapting cybercrime laws to support good-faith research. Germany proposed similar protections in late 2024, and in 2022 the United States Department of Justice revised its prosecution guidelines under the Computer Fraud and Abuse Act (CFAA) to exempt responsible security testing. 

These legal reforms reflect an increasing recognition that ethical hackers play a key role in helping organizations find and fix security flaws before real criminals take advantage of them. Supporters say the new rules will encourage more vulnerability reporting and strengthen global cybersecurity.
Read more »
North Korea Cyber Operations
APT Cyber Crime cyber espionage Cyber Security Financial crime Financial Cybersecurity North Korea North Korea Cyber Operations

North Korean APT Collaboration Signals Escalating Cyber Espionage and Financial Cybercrime

 

Security analysts have identified a new escalation in cyber operations linked to North Korea, as two of the country’s most well-known threat actors—Kimsuky and Lazarus—have begun coordinating attacks with unprecedented precision. A recent report from Trend Micro reveals that the collaboration merges Kimsuky’s extensive espionage methods with Lazarus’s advanced financial intrusion capabilities, creating a two-part operation designed to steal intelligence, exploit vulnerabilities, and extract funds at scale. 

Rather than operating independently, the two groups are now functioning as a complementary system. Kimsuky reportedly initiates most campaigns by collecting intelligence and identifying high-value victims through sophisticated phishing schemes. One notable 2024 campaign involved fraudulent invitations to a fake “Blockchain Security Symposium.” Attached to the email was a malicious Hangul Word Processor document embedded with FPSpy malware, which stealthily installed a keylogger called KLogEXE. This allowed operators to record keystrokes, steal credentials, and map internal systems for later exploitation. 

Once reconnaissance was complete, data collected by Kimsuky was funneled to Lazarus, which then executed the second phase of attacks. Investigators found Lazarus leveraged an unpatched Windows zero-day vulnerability, identified as CVE-2024-38193, to obtain full system privileges. The group distributed infected Node.js repositories posing as legitimate open-source tools to compromise server environments. With this access, the InvisibleFerret backdoor was deployed to extract cryptocurrency wallet contents and transactional logs. Advanced anti-analysis techniques, including Fudmodule, helped the malware avoid detection by enterprise security tools. Researchers estimate that within a 48-hour window, more than $30 million in digital assets were quietly stolen. 

Further digital forensic evidence reveals that both groups operated using shared command-and-control servers and identical infrastructure patterns previously observed in earlier North Korean cyberattacks, including the 2014 breach of a South Korean nuclear operator. This shared ecosystem suggests a formalized, state-aligned operational structure rather than ad-hoc collaboration.  

Threat activity has also expanded beyond finance and government entities. In early 2025, European energy providers received a series of targeted phishing attempts aimed at collecting operational power grid intelligence, signaling a concerning pivot toward critical infrastructure sectors. Experts believe this shift aligns with broader strategic motivations: bypassing sanctions, funding state programs, and positioning the regime to disrupt sensitive systems if geopolitical tensions escalate. 

Cybersecurity specialists advise organizations to strengthen resilience through aggressive patch management, multi-layered email security, secure cryptocurrency storage practices, and active monitoring for indicators of compromise such as unexpected execution of winlogon.exe or unauthorized access to blockchain-related directories. 

Researchers warn that the coordinated activity between Lazarus and Kimsuky marks a new phase in North Korea’s cyber posture—one blending intelligence gathering with highly organized financial theft, creating a sustained and evolving global threat.
Read more »
Ransomware
Akira Cyber Crime Data Theft it services Ransomware

Virtual Machines on Nutanix AHV now in Akira’s Crosshairs; Enterprises must Close Gaps

 



Security agencies have issued a new warning about the Akira ransomware group after investigators confirmed that the operators have added Nutanix AHV virtual machines to their list of targets. This represents a significant expansion of the group’s capabilities, which had already included attacks on VMware ESXi and Microsoft Hyper-V environments. The update signals that Akira is no longer limiting itself to conventional endpoints or common hypervisors and is now actively pursuing a wider range of virtual infrastructure used in large organisations.

Although Akira was first known for intrusions affecting small and medium businesses across North America, Europe and Australia, the pattern of attacks has changed noticeably over the last year. Incident reports now show that the group is striking much larger companies, particularly those involved in manufacturing, IT services, healthcare operations, banking and financial services, and food-related industries. This shift suggests a strategic move toward high-value victims where disruptions can cause substantial operational impact and increase the pressure to pay ransom demands.

Analysts observing the group’s behaviour note that Akira has not simply created a few new variants. Instead, it has invested considerable effort into developing ransomware that functions across multiple operating systems, including Windows and Linux, and across several virtualisation platforms. Building such wide-reaching capability requires long-term planning, and researchers interpret this as evidence that the group aims to remain active for an extended period.


How attackers get into networks 

Investigations into real-world intrusions show that Akira typically begins by taking advantage of weak points in remote access systems and devices connected to the internet. Many victims used VPN systems that lacked multifactor authentication, making them vulnerable to attackers trying common password combinations or using previously leaked credentials. The group has also exploited publicly known vulnerabilities in networking products from major vendors and in backup platforms that had not been updated with security patches.

In addition to these weaknesses, Akira has used targeted phishing emails, misconfigured Remote Desktop Protocol portals, and exposed SSH interfaces on network routers. In some breaches, compromising a router allowed attackers to tunnel deeper into internal networks and reach critical servers, especially outdated backup systems that had not been maintained.

Once inside, the attackers survey the entire environment. They run commands designed to identify domain controllers and trust relationships between systems, giving them a map of how the network is structured. To avoid being detected, they often use remote-access tools that are normally employed by IT administrators, making their activity harder to differentiate from legitimate work. They also disable security software, create administrator-level user accounts for long-term access, and deploy tools capable of running commands on multiple machines at once.


Data theft and encryption techniques 

Akira uses a double-extortion method. The attackers first locate and collect sensitive corporate information, which they compress and transfer out of the network using well-known tools such as FileZilla, WinRAR, WinSCP or RClone. Some investigations show that this data extraction process can be completed in just a few hours. Once the information has been removed, they launch the ransomware encryptor, which uses modern encryption algorithms that are designed to work quickly and efficiently. Over time, the group has changed the file extensions that appear after encryption and has modified the names and placement of ransom notes. The ransomware also removes Windows shadow copies to block easy recovery options.


Why the threat continues to succeed 

Cybersecurity experts point out that Akira benefits from long-standing issues that many organisations fail to address. Network appliances, remote access devices, and backup servers often remain unpatched for months, giving attackers opportunities to exploit vulnerabilities that should have been resolved. These overlooked systems create gaps that remain unnoticed until an intrusion is already underway.


How organisations can strengthen defences 

While applying patches, enabling multifactor authentication, and keeping offline backups remain essential, the recent wave of incidents shows that more comprehensive measures are necessary. Specialists recommend dividing networks into smaller segments to limit lateral movement, monitoring administrator-level activity closely, and extending security controls to backup systems and virtualisation consoles. Organisations should also conduct complete ransomware readiness exercises that include not only technical recovery procedures but also legal considerations, communication strategies, and preparations for potential data leaks.

Security researchers emphasise that companies must approach defence with the same mindset attackers use to find vulnerabilities. Identifying weaknesses before adversaries exploit them can make the difference between a minor disruption and a large-scale crisis.



Read more »
Waymo
Cyber Crime Footage Robotaxi San Francisco Shooting surveillance Waymo

Waymo Robotaxi Films Deadly San Francisco Shooting

 

A Waymo autonomous vehicle may have captured video footage of a fatal shooting incident in San Francisco's Mission neighborhood over the weekend, highlighting the emerging role of self-driving cars as potential witnesses in criminal investigations. The incident resulted in one man's death and left another person critically injured.

The incident and arrest

According to 9-1-1 dispatcher calls cited by the San Francisco Standard, a Waymo robotaxi was parked near the crime scene during the shooting. Police have identified the suspect as 23-year-old Larry Hudgson Jr., who was subsequently arrested without incident in a nearby neighborhood and booked into county jail. It remains unclear whether law enforcement has formally requested footage from the autonomous vehicle.

Privacy concerns

Waymo vehicles are equipped with extensive surveillance technology, featuring at least 29 cameras on their interiors and exteriors that continuously monitor their surroundings. This comprehensive camera coverage has drawn criticism from privacy advocates who describe the vehicles as "little mobile narcs" capable of widespread surveillance. The company maintains it does not routinely share data with law enforcement without proper legal requests.

Company policy on law enforcement access

Waymo co-CEO Tekedra Mawakana explained the company's approach during an interview with the New York Times podcast Hard Fork, emphasizing transparency in their privacy policy. The company follows legal processes when responding to footage requests and narrows the scope as necessary. Waymo representatives have stated they actively challenge data requests lacking valid legal basis or those considered overbroad.

This incident exemplifies how smart devices increasingly contribute to the surveillance economy and criminal investigations. Similar cases include Amazon being ordered to provide Echo device data for a 2017 New Hampshire murder investigation, Tesla cameras assisting in hate crime arrests in 2021, and Uber Eats delivery bot footage used in an abduction case. As autonomous vehicles become more prevalent in American cities, their role as digital witnesses in criminal cases appears inevitable.
Read more »
USA
Bulletproof hosting Cyber Crime media land Ransomware Russia USA

Governments sanction Russian “bulletproof” host for aiding ransomware networks

 



Authorities in the United States, the United Kingdom, and Australia have jointly imposed sanctions on a Russian bulletproof hosting provider accused of giving safe and long-term technical support to ransomware operators and other criminal groups. Officials say the newly sanctioned entities have played a central role in keeping several high-impact cybercrime operations online.

A bulletproof hosting service is a type of internet infrastructure provider that knowingly allows harmful activity on its servers. These companies rent out digital space and refuse to take down malicious websites, even when they receive complaints from victims or requests from law enforcement. Such services help threat actors conduct phishing campaigns, distribute malware, run command and control systems for their attacks, and host illegal content without fear of quick removal. This resistance to oversight makes it harder for investigators to disrupt cybercriminal networks.


Media Land and its linked companies named as key targets

The United States Treasury’s Office of Foreign Assets Control announced that Media Land, a Russia-based provider, has been added to the sanctions list along with three related firms: Media Land Technology, Data Center Kirishi, and ML Cloud. According to officials, Media Land’s infrastructure has been connected to well-known ransomware groups. It has also been tied to distributed denial-of-service attacks that targeted American companies, including systems categorized as critical infrastructure such as parts of the telecommunications sector.


Officials name individuals connected to the operation

Sanctions also extend to three people associated with Media Land. Aleksandr Volosovik has been identified as someone who promoted the company’s services on underground cybercriminal forums under the username Yalishanda. Another individual, Kirill Zatolokin, is accused of handling customer payments. A third person, Yulia Pankova, is said to have assisted with legal matters and financial management. The United Kingdom additionally stated that Volosovik has interacted with multiple cybercrime groups in the past.


Other companies involved in supporting the infrastructure

The sanctions package further includes Aeza Group LLC, another bulletproof hosting operator that had already been sanctioned earlier this year. Authorities say Aeza attempted to continue operating by using a UK-based company named Hypercore Ltd as a front. Additional entities in Serbia and Uzbekistan that provided technical assistance to the network have also been designated.


Government agencies issue defensive guidance

Along with the sanctions, cybersecurity agencies across the Five Eyes alliance released technical recommendations to help defenders identify and block activity linked to bulletproof hosting services. They suggest creating high-confidence lists of harmful internet resources based on verified threat intelligence, performing continuous monitoring of network traffic, and applying filtering rules at network boundaries while examining how those rules might affect legitimate users. The guidance also encourages service providers to maintain stronger onboarding checks for new customers since criminal operators often hide behind temporary email accounts or phone numbers.


Implications of the sanctions

All assets connected to the named individuals and companies within the United States, the United Kingdom, and Australia will now be frozen. Any organisation or person that continues to conduct transactions with them may face secondary sanctions or other enforcement actions. This step builds on earlier actions taken in February, when the three nations sanctioned ZServers, another Russian hosting operation, while Dutch authorities seized more than one hundred of its servers.

The coordinated announcement signals a growing international effort to dismantle the online infrastructure that ransomware groups depend on. It also reinforces the need for organisations to maintain strong cybersecurity practices, rely on reputable service providers, and monitor threat intelligence to reduce exposure to criminal activity.

Read more »
Scam
AI Deepfakes Bengaluru Cyber Crime deep fake videos Financial Scam links Scam

Deepfake of Finance Minister Lures Bengaluru Homemaker into ₹43.4 Lakh Trading Scam




A deceptive social media video that appeared to feature Union Finance Minister Nirmala Sitharaman has cost a Bengaluru woman her life’s savings. The 57-year-old homemaker from East Bengaluru lost ₹43.4 lakh after being persuaded by an artificial intelligence-generated deepfake that falsely claimed the minister was recommending an online trading platform promising high profits.

Investigators say the video, which circulated on Instagram in August, directed viewers to an external link where users were encouraged to sign up for investment opportunities. Believing the message to be authentic, the woman followed the link and entered her personal information, which was later used to contact her directly.

The next day, a man identifying himself as Aarav Gupta reached out to her through WhatsApp, claiming to represent the company shown in the video. He invited her to a large WhatsApp group titled “Aastha Trade 238”, which appeared to host over a hundred participants discussing stock trades. Another contact, who introduced herself as Meena Joshi, soon joined the conversation, offering to help the victim learn how to use the firm’s trading tools.

Acting on their guidance, the homemaker downloaded an application called ACSTRADE and created an account. Meena walked her through the steps of linking her bank details, assuring her that the platform was reliable. The first transfer of ₹5,000 was made soon after, and to her surprise, the app began displaying what looked like real profits.

Encouraged by what appeared to be rapid returns, she made larger investments. The application showed her initial ₹1 lakh growing into ₹2 lakh, and a later ₹5 lakh transfer seemingly yielding ₹8 lakh. The visual proof of profit strengthened her trust, and she kept transferring higher amounts.

In September, problems surfaced. While exploring an “IPO feature” on the app, she tried to exit but was unable to do so due to recurring technical errors. When she sought help, Meena advised her to continue investing to prevent losses. The woman followed this advice, transferring a total of ₹23 lakh in hopes of recovering her funds.

Once her savings were exhausted, the scammers proposed a loan option within the same app, claiming it would help her maintain her trading record. When she attempted to withdraw money, the platform denied the request, displaying a message stating her loan account was still active. Believing the issue could be resolved with more funds, she pawned her gold jewellery at a bank and a finance company, wiring additional money to the fraudsters.

By late October, her total transfers had reached ₹43.4 lakh across 13 separate transactions between September 24 and October 27. The deception came to light only when her bank froze her account on November 1, alerting her that unusual activity had been detected.

The East Cybercrime Police Station has since registered a case under the Information Technology Act and Section 318 of the Bharatiya Nyaya Sanhita, which addresses cheating. Officers confirmed that the fraudulent video used sophisticated AI tools to mimic the minister’s voice and gestures convincingly, making it difficult for untrained viewers to identify as fake.

Police officials have urged the public to remain alert to deepfake-driven scams that exploit public trust in well-known personalities. They advise verifying any financial offer through official government portals or trusted news sources, and to avoid clicking unfamiliar links on social media.

Experts warn that such crimes surface a new wave of cyber fraud, where manipulated media is used to build false credibility. Citizens are advised never to disclose personal or banking information through unverified links, and to immediately report suspicious investment schemes to their banks or local cybercrime authorities.



Read more »
Subscribe to: Comments (Atom)