Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Crime. Show all posts
GuidePoint Security
Akira Ransomware Cyber Crime Cyber Security Ransomware Attacks cybercrime group cybercrime group attack cybersecurity threat actors GuidePoint Security

Global Ransomware Groups Hit Record High as Smaller Threat Actors Emerge

 

The number of active ransomware groups has reached an unprecedented high, marking a new phase in the global cyber threat landscape. According to GuidePoint Security’s latest Ransomware & Cyber Threat Report, the total number of active groups surged 57%, climbing from 49 in the third quarter of 2024 to an all-time peak of 77. Despite this sharp rise, the number of victims has remained consistent, averaging between 1,500 and 1,600 per quarter since late last year. 

The United States continues to bear the brunt of these attacks, accounting for 56% of all reported victims. Germany and the United Kingdom followed distantly at 5% and 4%, respectively. Manufacturing, technology, and the legal sectors were among the hardest hit, with the manufacturing industry alone reporting 252 publicly claimed attacks in the second quarter—a 26% increase from the previous quarter. 

GuidePoint’s senior threat intelligence analyst, Nick Hyatt, noted that while the overall ransomware volume has stabilized, the number of distinct groups is soaring. He explained that this growth reflects both the consolidation of experienced threat actors under major ransomware-as-a-service (RaaS) platforms and the influx of newer, less skilled operators trying to gain traction in the ecosystem. 

Among the most active groups, Qilin led with a dramatic 318% year-over-year surge, claiming 234 victims this quarter. Akira followed with 130 victims, while IncRansom—first detected in August 2023—emerged as the third most active group after a sharp increase in attacks. Another rising player, SafePay, has steadily expanded its operations since its appearance in late 2024, now linked to 258 victims across 29 industries and 30 countries in 2025 alone. 

GuidePoint’s researchers also observed a growing number of unclaimed or unattributed ransomware attacks, suggesting that many threat actors are either newly formed or deliberately avoiding public identification. This trend points to an increasingly fragmented and unpredictable ransomware environment. 

While the stabilization in overall attack numbers might appear reassuring, experts warn against complacency. The rapid diversification of ransomware groups and the proliferation of smaller, anonymous actors underline the evolving sophistication of cybercrime. As Hyatt emphasized, this “new normal” reflects a sustained, adaptive threat landscape that demands continuous vigilance, proactive defense strategies, and cross-industry collaboration to mitigate future risks.
Read more »
Online Scam
China cross border fraud Cyber Crime Gambling Myanmar Online Scam

China Sentences 11 Individuals to Death Over Massive Cross-Border Scam Network

 



A Chinese court has handed down death sentences to 11 individuals involved in a vast, family-run criminal network that operated online scam and gambling schemes across the China-Myanmar border. The Wenzhou Intermediate People’s Court in Zhejiang Province announced the verdict on Monday, stating that the group was responsible for large-scale fraud, human trafficking, and the deaths of workers who attempted to flee the scam compounds.

According to official reports, the syndicate was managed by a family known locally as the Ming group, which had gained significant influence in the Kokang region of northern Myanmar — a semi-autonomous territory along China’s border. The group allegedly established multiple compounds, including a major base called “Crouching Tiger Villa,” where thousands of trafficked individuals were forced to participate in online scams and illegal gambling activities.

Investigations revealed that at the height of their operations, nearly 10,000 workers were involved in conducting cyber fraud schemes under the family’s control. The compounds were heavily guarded, and individuals who resisted orders or tried to escape faced violent punishment. The court cited several incidents of brutality, including a shooting in October 2023, where armed members opened fire on people attempting to flee one of the scam sites, resulting in four deaths.

The criminal organization’s activities reflected the broader challenge of cross-border cybercrime in Southeast Asia, where corruption and ongoing conflicts have allowed criminal groups to thrive. The Ming family and their associates reportedly leveraged their local political and military connections to protect their network and expand operations into drug trafficking, illegal casinos, and organized prostitution.

China intensified its crackdown on such scam networks in 2023 following mounting public pressure from families of trafficked victims and growing media attention. In November that year, Chinese authorities issued warrants for members of the Ming family, offering rewards ranging from $14,000 to $70,000 for information leading to their arrest. The group’s leader, who had reportedly served as a member of a regional parliament in Myanmar, took his own life while in custody, according to Chinese state media.

The court also sentenced five additional defendants to death with a two-year reprieve and imposed prison terms ranging from five to twenty-four years on twelve others. Chinese authorities stated that the group’s crimes led to at least ten deaths.

Beijing’s actions form part of a broader regional effort to dismantle cybercrime rings that target Chinese citizens. Authorities have reported that over 53,000 suspects and victims have been repatriated from scam compounds in northern Myanmar since the crackdown began.

Despite recent enforcement measures, experts note that Southeast Asia’s online scam networks remain highly adaptive. Many criminal groups are turning to cryptocurrencies and artificial intelligence to expand operations and conceal financial flows. Analysts warn that while the convictions mark a strong legal response, eradicating cross-border fraud will require deeper cooperation between governments, stricter financial monitoring, and ongoing protection for victims of trafficking.



Read more »
Telecom cybercrime news
Cyber Crime cybersecurity news Fake SIM Card Fraud Telecom cybercrime news

Fake SIM Cards Fuel Cybercrime Surge as Eastern Uttar Pradesh Emerges Under Scrutiny

 

A quiet digital crisis is spreading across India. In the past three months, the Department of Telecommunications (DoT) has disconnected more than 6.1 million mobile numbers after uncovering large-scale fraudulent registrations. 

Investigators say eastern Uttar Pradesh has become a major centre for this growing network of fake SIM cards. The findings reveal how fake mobile connections are being used to power phishing calls, financial scams, and other forms of cybercrime. Government data shows that around 3.2 million fake SIM cards were traced to western Uttar Pradesh, while 1.6 million originated from the eastern region. These connections, officials say, often serve as digital weapons for organized criminal groups operating across India. 

To counter this threat, the government has launched the Sanchar Saathi portal (sancharsaathi.gov.in) and a companion mobile app. Through this platform, users can check all mobile numbers issued in their name using the “Know My Mobile Connections” feature. 

It allows them to identify unfamiliar numbers and report them for immediate action. Officials believe this initiative will help citizens monitor their telecom identities and reduce the misuse of personal data. By creating transparency between users and service providers, the government hopes to build stronger digital accountability. 

The Issue of Multiple SIM Cards 

During the nationwide verification exercise, authorities discovered that thousands of individuals possessed more than nine SIM cards. 

The DoT has now ordered these connections to be re-verified, warning that any unverified numbers will be blocked. Investigators say such cases often involve forged identity documents used by fraud networks to acquire SIM cards in bulk for illegal use. 

Experts Warn of a Larger Security Risk 

Cybercrime experts caution that fake SIM cards are not a minor irregularity but part of a much larger problem. They form the base of several online frauds, from financial theft to digital impersonation. 

Professor Triveni Singh, a well-known cybercrime expert and former IPS officer, explains, “SIM card fraud is not merely a local problem. It is a threat that cuts across personal financial safety and national security alike. Unless identity verification systems are made foolproof and strictly enforced, the risk will continue to grow.” 

His statement reflects the growing anxiety among cybersecurity professionals who see telecom identity fraud as a weak link that can be exploited by criminal networks and even foreign actors. 

A Call for Vigilance 

For ordinary citizens, the government’s findings serve as a reminder that their digital identities can be misused without their knowledge. 

A SIM card registered under someone’s name could be used to commit crimes, leading to serious legal and financial consequences. 

To prevent such misuse, officials are urging citizens to visit the Sanchar Saathi portal, verify their mobile numbers, and flag any they do not recognize. 

The process involves entering the mobile number, verifying with an OTP, and reviewing all active connections under the user’s name. Suspicious or unused numbers can be reported for deactivation. 

Looking Ahead 
 
The situation in Uttar Pradesh highlights a deeper issue within India’s telecom ecosystem. While the government’s new verification system marks a step forward, experts say its success depends on public awareness and regular participation. 

As digital fraud becomes more sophisticated, even one fake SIM card can be enough to compromise a person’s safety or reputation. Strengthening telecom verification and encouraging citizens to take responsibility for their digital presence are now crucial steps in protecting India’s connected future.
Read more »
NCRB
Bengaluru Cyber Crime Cyberattacks cybersecurity concerns Cybersecurity Crisis Digital Fraud Frauds karnataka NCRB

Karnataka Tops Cybercrime Cases in India with Bengaluru Emerging as the Epicenter

 

Karnataka has earned the unfortunate distinction of being the cybercrime capital of India, accounting for more than a quarter of all reported cases in the country. According to the latest data released by the National Crime Records Bureau (NCRB), the State registered 21,889 cybercrime incidents in 2023, representing 25.57% of the national tally. This figure placed Karnataka well ahead of Telangana, which reported 18,236 cases and ranked second. 

At the core of this rise is Bengaluru, the State’s technology hub and India’s leading IT city. The city alone recorded 17,631 cybercrime cases in 2023, making it the highest in the country. Among metropolitan cities, Bengaluru accounted for more than half—51.92%—of all cases across the 19 metros. Hyderabad followed at a distant second with 4,855 cases. The scale of the issue in Bengaluru is striking, with its cybercrime rate standing at 207.4 cases per lakh population, a figure more than seven times higher than the national average. 

The upward trend is evident in recent years. From 6,423 cases in 2021 to 9,940 in 2022, Bengaluru witnessed a sharp escalation, crossing 17,600 cases in 2023. Data indicates that fraud and sexual exploitation remain the primary motives behind the crimes. Although Karnataka logged a marginal increase to 22,468 cybercrime cases in 2024, the trajectory in 2025 has shown a slight decline, with 7,293 cases reported halfway through the year. Police officials, however, caution that while case numbers may be lower, the sophistication of scams and the financial impact on victims continue to intensify. 

Despite the surge in reporting, conviction rates remain alarmingly low. In 2023, Karnataka recorded only 44 convictions, including cases from previous years, alongside 60 acquittals. In Bengaluru, less than 0.3% of cases resulted in conviction, raising concerns about deterrence and enforcement effectiveness. Experts argue that the shortage of skilled cybercrime investigators is one of the key reasons behind the poor conviction rates.  

Senior police officers attribute the State’s high numbers to multiple factors: poor cyber hygiene, inadequate awareness, and a constantly evolving modus operandi by fraudsters. Bengaluru’s status as an IT hub also contributes, with a mixed population engaging heavily in investment platforms, e-commerce, and online trading. This has led to an increase in scams such as investment fraud and courier-related cons, often targeting educated individuals seeking higher returns. 

Cybersecurity experts warn that insufficient awareness programs and the lack of inter-State collaboration in investigations allow fraudsters to escape accountability. They emphasize that Karnataka’s newly developed Cyber Command Unit (CCU) could become a game-changer in strengthening the State’s response, particularly following the High Court’s directive to enhance its capabilities.  

Karnataka’s experience underscores a larger national challenge—while cybercrime continues to escalate, enforcement, awareness, and conviction efforts must evolve to keep pace with increasingly sophisticated digital frauds.
Read more »
Social Engineering
Cyber Crime Ransom Payment Ransomware Scattered Spider Social Engineering

Teens Arrested Over Scattered Spider’s $115M Hacking Spree

 

Law enforcement authorities in the United States and United Kingdom have arrested two teenagers connected to the notorious Scattered Spider hacking collective, charging them with executing an extensive cybercrime operation that netted over $115 million in ransom payments.

The UK's National Crime Agency arrested 19-year-old Thalha Jubair of East London and 18-year-old Owen Flowers of Walsall, West Midlands, at their homes on Tuesday. Both suspects appeared in London court on Thursday to face charges related to their alleged involvement in a cyberattack against Transport for London (TfL) in August 2024 .

Scale of criminal activity

The US Justice Department has charged Jubair with participating in at least 120 computer network intrusions and extortion attempts targeting 47 US organizations from May 2022 to September 2025. Federal authorities allege these attacks caused victims to pay more than $115 million in ransom payments, with the malicious activities causing significant disruptions to US enterprises, critical infrastructure, and the federal judicial system.

Timeline of offenses

Investigators believe Jubair began his cybercriminal activities at age 14, with the hacking spree spanning from 2022 until last month. Flowers was initially arrested in September 2024 for the TfL attack but was released on bail before being rearrested l. Both suspects had previously been detained in July for data theft incidents targeting UK retailers including Marks & Spencer, Harrods, and Co-op Group.

Scattered Spider distinguishes itself from other cybercriminal organizations through the notably young age of its members and their English-speaking proficiency. The group employs sophisticated social engineering tactics, frequently impersonating IT support personnel to deceive employees into revealing passwords or installing remote access software. Their attacks have disrupted major organizations including MGM Resorts and Caesars Entertainment in Las Vegas during 2023.

Legal consequences 

Jubair faces multiple charges related to computer fraud and money laundering, with prosecutors indicating he could receive a maximum sentence of 95 years in prison if convicted. Investigators linked the breaches to Jubair through evidence showing he managed servers hosting cryptocurrency wallets used for receiving ransom payments. 

Flowers faces additional charges for conspiring to infiltrate and damage networks of US healthcare companies SSM Health Care Corporation and Sutter Health.
Read more »
U.S. Court
BreachForums CSAM Cyber Crime Federal Prison U.S. Court

BreachForums Founder Resentenced to Three Years After Appeal

 

In a significant legal outcome for the cybersecurity landscape, Conor Fitzpatrick, the founder of the notorious BreachForums underground hacking site, has been resentenced to three years in federal prison after appeals overturned his previous lenient sentence. 

Fitzpatrick, who operated under the alias Pompompurin, was originally arrested in March 2023 for running the forum and faced multiple charges: access device conspiracy, access device solicitation, and possession of child sexual abuse material (CSAM). He pleaded guilty to all counts in January 2024 and was initially handed 17 days in jail and 20 years of supervised release, a punishment prosecutors sharply criticized as dramatically insufficient given the gravity of his crimes. 

Appeals and resentencing 

The U.S. Court of Appeals for the Fourth Circuit agreed with prosecutors, declaring the original sentence “substantively unreasonable” for failing to serve proper sentencing purposes. This led to Fitzpatrick’s resentencing and a harsher three-year prison term.

BreachForums, which emerged in March 2022 as a successor to the dismantled RaidForums, became one of the most active online marketplaces for stolen data and compromised credentials. At its peak, it hosted more than 14 billion individual records and counted 330,000 members among its user base. U.S. authorities emphasized that Fitzpatrick “personally profited from the sale of vast quantities of stolen information,” ranging from private personal details to sensitive commercial data. 

Despite repeated law enforcement takedown attempts, BreachForums managed to resurface multiple times, illustrating the resilience of such underground communities. The arrest of Baphomet, the admin who took over after Fitzpatrick was detained, did little to slow the forum; it slipped into the hands of ShinyHunters, a cybercriminal group linked to several high-profile data breaches. 

As of mid-September 2025, BreachForums is offline, with its maintainers announcing a decision to “go dark”—a phrase that suggests not just temporary shutdown, but a possible strategic retreat rather than a permanent closure. This mirrors the recent moves of other infamous cybercrime collectives like Lapsus$ and Scattered Spider, who have also vanished from the digital underground, at least for now. 

Context and implications 

The case of Conor Fitzpatrick and BreachForums highlights the challenges of prosecuting transnational cybercrime and the difficulties law enforcement faces in permanently dismantling underground hacking forums. Despite impressive numbers—14 billion records, hundreds of thousands of members—the legal outcome for operators is often uncertain, with initial sentences sometimes appearing disproportionately light compared to the scale of the harm caused.

The resentencing of Fitzpatrick marks a tightening stance by the U.S. Department of Justice, signaling that courts are now more willing to impose harsher penalties on those who profit from stolen data and operate platforms that enable large-scale cybercrime. Yet, even as high-profile forums like BreachForums disappear, the enduring cycle of takedown, migration, and reemergence of similar platforms suggests that the broader threat will persist as long as demand for stolen data remains high.
Read more »
Sim Cloning
Aadhaar Scam Amroha Cyber Crime Data Theft Sim Cloning

SIM Cloning and Aadhaar Data Theft Expose Massive Cyber Heist in Amroha

 

A sophisticated cyber heist in Amroha, Uttar Pradesh, has exposed critical vulnerabilities in India's Aadhaar biometric identification system, where cybercriminals successfully cloned SIM cards and stole biometric data from over 1,500 citizens across 12 states. This elaborate fraud network, operating primarily from Badaun and Amroha districts, represents one of the most significant identity theft operations uncovered in recent years.

The criminal enterprise was masterminded by Ashish Kumar, a BTech dropout, who developed sophisticated counterfeit websites that closely resembled official Aadhaar and Passport Seva portals. These fake platforms enabled the gang to input fraudulent data and generate forged documents, including passports, with access sold to a network of 200 to 300 agents spread across multiple states.

The cybercriminals employed advanced technical methods to bypass UIDAI security systems, including cloning credentials of authorized Aadhaar operators and copying sensitive biometrics like iris scans. They utilized specialized software to overcome geo-fencing restrictions that normally prevent remote access to Aadhaar portals, allowing them to upload tampered biometric data from unauthorized locations. 

A key component of their operation involved manipulating fingerprint scanners to accept silicone-molded fingerprints created from impressions collected from legitimate operators and vulnerable individuals, many from underprivileged backgrounds. These altered scanners successfully fooled the system's biometric authentication, bypassing Aadhaar's real-time security locks. 

The fraud network charged clients between ₹2,000 and ₹5,000 for illegally updating personal details such as names, birth dates, addresses, or mobile numbers on Aadhaar cards. The operation extended beyond Aadhaar manipulation to include creating fake birth certificates and ration cards to support fraudulent identity changes. 

Following stricter verification protocols introduced in December 2024, the gang adapted their tactics, using forged documents on third-party platforms to create over 20 fake passports, several of which were successfully uploaded into the UIDAI system. Investigators recovered at least 400 forged supporting documents during the investigation.

The joint cyber team, supervised by SP Sambhal Krishna Kumar Bishnoi and ASP Anukriti Sharma, arrested four key players: Ashish Kumar, Dharmender Singh, and Raunak Pal from Badaun, and Kasim Hussain from Amroha. All accused face charges under the Aadhaar Act, Information Technology Act, and Passport Act for identity theft, cheating, and unauthorized access to protected systems. 

This case highlights significant security gaps in India's digital identity infrastructure and the sophisticated methods employed by cybercriminals to exploit biometric authentication systems.
Read more »
US treasury
Cyber Crime Financial Fraud Investment fraud OFAC Scams US treasury

U.S. Sanctions Cybercrime Networks Behind $10 Billion in Fraud

 




The United States Treasury has announced sweeping sanctions against criminal groups accused of running large-scale online scams that cost Americans more than $10 billion last year. The targeted networks, mainly operating out of Myanmar and Cambodia, are accused not only of financial fraud but also of serious human rights abuses.


How the scams work

Authorities say the groups rely on a mix of fraudulent tactics to trick people into sending money. Common schemes include romance scams, in which criminals build fake online relationships to extract funds, and investment frauds that present convincing but false opportunities. Victims often believe they are dealing with legitimate businesses or partners, only to later discover that their savings have vanished.

Investigators also mentioned disturbing practices inside these scam compounds. Many operations reportedly force people, often trafficked across borders into working long hours under threats of violence. Survivors describe conditions that amount to modern-day slavery, with physical abuse used to maintain control.


Why sanctions were imposed

To disrupt these activities, the Treasury’s Office of Foreign Assets Control (OFAC) blacklisted nearly two dozen individuals and entities. Those sanctioned include property owners who rent out space for scam centers, energy suppliers that keep the compounds running, holding companies tied to armed groups in Myanmar, and organizers of money-laundering networks.

Once placed on the OFAC list, people and organizations lose access to any assets that fall under U.S. jurisdiction. They are also cut off from the American banking system and cannot transact in U.S. dollars. U.S. citizens and businesses are prohibited from dealing with them, and even non-U.S. companies typically avoid contact to prevent secondary penalties.


Scale of the problem

The Treasury noted that reported losses linked to Southeast Asian scams rose 66 percent in a single year, reflecting how quickly these operations are expanding. The scams have become highly sophisticated, with call centers staffed by English-speaking workers, slick websites, and carefully scripted methods for gaining trust. This combination makes them harder for individuals to detect and easier for the criminals to scale globally.


Implications for victims and prevention

Officials stress that the financial impact is only part of the damage. Beyond the billions stolen from households, thousands of people are trapped in the scam compounds themselves, unable to leave. The sanctions are designed to cut off the networks’ financial lifelines, but enforcement alone cannot stop every fraudulent attempt.

Experts urge the public to remain watchful. Requests for money from strangers met online, or platforms promising unusually high returns, should raise red flags. Before investing or transferring funds, individuals should verify companies through independent and official sources. Suspected fraud should be reported to authorities, both to protect oneself and to aid broader crackdowns on these networks.


Read more »
Ransomware
AI Anthropic Cyber Crime Extortion Ransomware

Cybercriminals Weaponize AI for Large-Scale Extortion and Ransomware Attacks

 

AI company Anthropic has uncovered alarming evidence that cybercriminals are weaponizing artificial intelligence tools for sophisticated criminal operations. The company's recent investigation revealed three particularly concerning applications of its Claude AI: large-scale extortion campaigns, fraudulent recruitment schemes linked to North Korea, and AI-generated ransomware development. 

Criminal AI applications emerge 

In what Anthropic describes as an "unprecedented" case, hackers utilized Claude to conduct comprehensive reconnaissance across 17 different organizations, systematically gathering usernames and passwords to infiltrate targeted networks.

The AI tool autonomously executed multiple malicious functions, including determining valuable data for exfiltration, calculating ransom demands based on victims' financial capabilities, and crafting threatening language to coerce compliance from targeted companies. 

The investigation also uncovered North Korean operatives employing Claude to create convincing fake personas capable of passing technical coding evaluations during job interviews with major U.S. technology firms. Once successfully hired, these operatives leveraged the AI to fulfill various technical responsibilities on their behalf, potentially gaining access to sensitive corporate systems and information. 

Additionally, Anthropic discovered that individuals with limited technical expertise were using Claude to develop complete ransomware packages, which were subsequently marketed online to other cybercriminals for prices reaching $1,200 per package. 

Defensive AI measures 

Recognizing AI's potential for both offense and defense, ethical security researchers and companies are racing to develop protective applications. XBOW, a prominent player in AI-driven vulnerability discovery, has demonstrated significant success using artificial intelligence to identify software flaws. The company's integration of OpenAI's GPT-5 model resulted in substantial performance improvements, enabling the discovery of "vastly more exploits" than previous methods.

Earlier this year, XBOW's AI-powered systems topped HackerOne's leaderboard for vulnerability identification, highlighting the technology's potential for legitimate security applications. Multiple organizations focused on offensive and defensive strategies are now exploring AI agents to infiltrate corporate networks for defense and intelligence purposes, assisting IT departments in identifying vulnerabilities before malicious actors can exploit them. 

Emerging cybersecurity arms race 

The simultaneous adoption of AI technologies by both cybersecurity defenders and criminal actors has initiated what experts characterize as a new arms race in digital security. This development represents a fundamental shift where AI systems are pitted against each other in an escalating battle between protection and exploitation. 

The race's outcome remains uncertain, but security experts emphasize the critical importance of equipping legitimate defenders with advanced AI tools before they fall into criminal hands. Success in this endeavor could prove instrumental in thwarting the emerging wave of AI-fueled cyberattacks that are becoming increasingly sophisticated and autonomous. 

This evolution marks a significant milestone in cybersecurity, as artificial intelligence transitions from merely advising on attack strategies to actively executing complex criminal operations independently.
Read more »
Ransomwares
AI Chatbots AI Models AI Techniques Cyber Crime Cyber Extortion Cyber Hackers Data Extortion international cybercrime operation Ransomwares

Hacker Exploits AI Chatbot Claude in Unprecedented Cybercrime Operation

 

A hacker has carried out one of the most advanced AI-driven cybercrime operations ever documented, using Anthropic’s Claude chatbot to identify targets, steal sensitive data, and even draft extortion emails, according to a new report from the company. 

It Anthropic disclosed that the attacker leveraged Claude Code — a version of its AI model designed for generating computer code — to assist in nearly every stage of the operation. The campaign targeted at least 17 organizations across industries including defense, finance, and healthcare, making it the most comprehensive example yet of artificial intelligence being exploited for cyber extortion. 

Cyber extortion typically involves hackers stealing confidential data and demanding payment to prevent its release. AI has already played a role in such crimes, with chatbots being used to write phishing emails. However, Anthropic’s findings mark the first publicly confirmed case in which a mainstream AI model automated nearly the entire lifecycle of a cyberattack. 

The hacker reportedly prompted Claude to scan for vulnerable companies, generate malicious code to infiltrate systems, and extract confidential files. The AI system then organized the stolen data, analyzed which documents carried the highest value, and suggested ransom amounts based on victims’ financial information. It also drafted extortion notes demanding bitcoin payments, which ranged from $75,000 to more than $500,000. 

Jacob Klein, Anthropic’s head of threat intelligence, said the operation was likely conducted by a single actor outside the United States and unfolded over three months. “We have robust safeguards and multiple layers of defense for detecting this kind of misuse, but determined actors sometimes attempt to evade our systems through sophisticated techniques,” Klein explained. 

The report revealed that stolen material included Social Security numbers, bank records, medical data, and files tied to sensitive defense projects regulated by the U.S. State Department. Anthropic did not disclose which companies were affected, nor did it confirm whether any ransom payments were made. 

While the company declined to detail exactly how the hacker bypassed safeguards, it emphasized that additional protections have since been introduced. “We expect this model of cybercrime to become more common as AI lowers the barrier to entry for sophisticated operations,” Anthropic warned. 

The case underscores growing concerns about the intersection of AI and cybersecurity. With the AI sector largely self-regulated in the U.S., experts fear similar incidents could accelerate unless stronger oversight and security standards are enforced.
Read more »
Piracy
Cyber Crime Infostealer Pakistani Scammer Piracy

Pakistani Cybercriminals Turn Piracy Against Pirates in $4M Malware Scheme

 

A massive cybercrime operation based in Pakistan has been exposed after running a sophisticated infostealer malware campaign for five years, generating over $4 million by targeting software pirates. 

Operation details

The criminal network, primarily operating from Bahawalpur and Faisalabad, functioned like a multi-level marketing scheme but distributed malicious code instead of legitimate products. According to research, the group used search engine optimisation poisoning and forum posts to advertise pirated software such as Adobe After Effects and Internet Download Manager. 

Victims were redirected to malicious WordPress sites where infostealer malware, including Lumma Stealer, Meta Stealer, and AMOS was hidden within password-protected archives. The operation utilised disposable domains to mask the true source of infections, making detection more difficult. 

Financial infrastructure

The scheme's backbone consisted of two Pay-Per-Install (PPI) networks: InstallBank and SpaxMedia (later rebranded as Installstera). Over 5,200 affiliates operated at least 3,500 sites, earning payments for each successful malware installation or download. Payments were processed primarily through Payoneer and Bitcoin. 

The scale was enormous, with records showing 449 million clicks and more than 1.88 million installations during the documented period. Long-running domains proved most profitable, with a small fraction generating the majority of revenue. 

Downfall and exposure

The operation was accidentally exposed when the attackers themselves became infected by infostealer malware, revealing credentials, communications, and backend access to their own systems. This breach uncovered evidence of family involvement, with recurring surnames and shared accounts throughout the infrastructure. The group evolved their tactics over time, shifting from install-based tracking in 2020 to download-focused metrics in later years, possibly to evade detection or adapt monetisation methods. 

How to stay safe 

  • Avoid cracked or pirated software; rely on official developer sites and reputable distributors to prevent infostealer exposure at the source. 
  • Keep security suites updated and configure firewalls to block outbound C2 communication, reducing post-compromise impact if malware executes. 
  • Enable multi-factor authentication so stolen credentials are insufficient for account takeovers, and monitor accounts for identity-theft signals.
  • Maintain offline or secure cloud backups for recovery, stay alert to suspicious domain activity, and distrust “free” offers for expensive software that often hide hidden risks.
Read more »
Samourai Wallet
Blockchain cryptocurrency Cyber Crime DOJ Money Laundering Samourai Wallet

‘Samourai’ Cryptomixer Founders Admit to Money Laundering Charges

 


Two executives behind a cryptocurrency service called Samourai Wallet have admitted in court that they helped criminals hide more than $200 million.

Keonne Rodriguez, the company’s CEO, and William Lonergan Hill, its chief technology officer, pleaded guilty to conspiracy charges in the United States. Both men admitted they had knowingly operated an unlicensed money-transmitting business that was used to clean illegal funds.

Under the law, Rodriguez and Hill face a maximum prison sentence of five years each, along with financial penalties. They will also have to give up more than $200 million as part of their plea deal.

The U.S. Department of Justice (DOJ) had first arrested the pair in April last year. Prosecutors accused them of two main crimes: running a business without the required license and laundering money, a serious charge that can carry up to 20 years in prison.

Authorities say the two executives built Samourai in 2015 with tools designed to make it harder to track money on the blockchain, which is the public digital record of cryptocurrency transactions.

Samourai’s services worked in two main ways:

• Whirlpool: A mixing feature that bundled together Bitcoin transactions from multiple users. This made it harder to trace where the money originally came from.

• Ricochet: A tool that added extra steps called “hops” between the sending and receiving addresses. This technique was meant to confuse investigators and disguise the money trail.

Prosecutors explained that these tools were heavily used by cybercriminals. They were linked to proceeds from online thefts, drug trafficking, and fraud schemes. According to the DOJ, the scale of activity was massive: between 2017 and 2019, over 80,000 Bitcoin flowed through Samourai’s services. At the time of those transactions, the total value was estimated at more than $2 billion.

While the company portrayed itself as offering privacy, federal investigators say it profited directly from crime. Samourai’s mixing services alone generated more than $6 million in fees for Rodriguez and Hill.

Speaking about the case, U.S. Attorney Nicolas Roos emphasized that when cryptocurrency platforms are abused for crime, it damages public trust and puts pressure on legitimate companies trying to operate within the law.

The case underlines how regulators are cracking down on cryptocurrency “mixers,” services that blend together digital transactions to hide their origins. While privacy is one of cryptocurrency’s appeals, officials warn that these tools often provide cover for large-scale money laundering.

Read more »
Ransomware
BYOVD Attack Cyber Crime Data Stolen EDR Ransomware

New Hacking Tool Lets Ransomware Groups Disable Security Systems

 



Cybersecurity experts have discovered a new malicious tool designed to shut down computer security programs, allowing hackers to attack systems without being detected. The tool, which appears to be an updated version of an older program called EDRKillShifter, is being used by at least eight separate ransomware gangs.

According to researchers at Sophos, the groups using it include RansomHub, Blacksuit, Medusa, Qilin, Dragonforce, Crytox, Lynx, and INC. These criminal gangs use such programs to disable antivirus and Endpoint Detection and Response (EDR) systems software meant to detect and stop cyberattacks. Once these protections are switched off, hackers can install ransomware, steal data, move through the network, and lock down devices.


How the Tool Works

The new tool is heavily disguised to make it difficult for security software to spot. It starts by running a scrambled code that “unlocks” itself while running, then hides inside legitimate applications to avoid suspicion.

Next, it looks for a specific type of computer file called a driver. This driver is usually digitally signed, meaning it appears to be safe software from a trusted company but in this case, the signature is stolen or outdated. If the driver matches a name hidden in the tool’s code, the hackers load it into the computer’s operating system.

This technique is called a “Bring Your Own Vulnerable Driver” (BYOVD) attack. By using a driver with security weaknesses, the hackers gain deep control of the system, including the ability to shut down security tools.

The driver pretends to be a legitimate file, sometimes even mimicking trusted products like the CrowdStrike Falcon Sensor Driver. Once active, it terminates the processes and services of security products from well-known vendors such as Microsoft Defender, Kaspersky, Symantec, Trend Micro, SentinelOne, McAfee, F-Secure, and others.


Shared Development, Not Leaks

Sophos notes that while the tool appears in attacks by many different groups, it is not a case of one stolen copy being passed around. Instead, it seems to be part of a shared development project, with each group using a slightly different version — changing driver names, targeted software, or technical details. All versions use the same “HeartCrypt” method to hide their code, suggesting close cooperation among the groups.


A Common Criminal Practice

This is not the first time such tools have been shared in the ransomware world. In the past, programs like AuKill and AvNeutralizer have been sold or distributed to multiple criminal gangs, allowing them to disable security tools before launching attacks.

The discovery of this new tool is a reminder that ransomware operators are constantly improving their methods and working together to overcome defenses. Security experts stress the need for updated protections and awareness to defend against such coordinated threats.

Read more »
Everest Group
Cyber Crime cybersecurity news Data Theft Everest Group

Cybercrime Group Claims Theft of MailChimp Client Data

 

The Russian-speaking cybercrime group Everest says it has stolen a large trove of data from email marketing giant Mailchimp, but the company has denied any evidence of a security incident. Everest announced the alleged breach on its dark web leak site, claiming to possess a 767 MB database with 943,536 rows of information. 

The group said the stolen material includes internal company documents alongside a “wide variety” of customer data. However, cybersecurity analysts examining a sample of the leaked files found the contents less alarming than Everest’s claims suggest. According to reports, the dataset appears to be structured business information rather than highly sensitive internal records. 

The entries include domain names, corporate email addresses, phone numbers, locations, GDPR region tags, social media profiles, and hosting provider details. Many records also list the technology stacks used by the companies such as Shopify, WordPress, Amazon, Google Cloud, and PayPal, hinting that the information may have originated from a marketing or CRM export instead of Mailchimp’s core systems. 

In a statement to media, Mailchimp’s parent company Intuit said: “The security of our products and our customers’ data are among our highest priorities. We are aware of the claims regarding Intuit Mailchimp’s systems. Based on our investigation at this time, we have no evidence to suggest any security incidents or exfiltration of data from our systems.” 

What's about the Everest Group?

Active since late 2020, Everest has historically used a double-extortion model, encrypting victims’ data while threatening to leak it unless a ransom is paid. Past targets have included the Brazilian government and NASA. From late 2022 onward, the group has increasingly operated as an Initial Access Broker (IAB), selling access to compromised networks instead of deploying ransomware directly. 

Recently, it has acted more as a data broker, publishing stolen material from companies such as Coca-Cola, the Saudi Arabian Rezayat Group, and other high-profile organizations. While the true origin and sensitivity of the Mailchimp-linked dataset remain unconfirmed, security experts warn that even non-sensitive business data could be leveraged in phishing or social engineering campaigns.
Read more »
job seekers
apprenticeships Bank Bengaluru Cyber Crime Government Hackers job seekers

Hackers Tamper Govt Portal, Pocket ₹1.4 Lakh in Apprentice Stipends

 



Bengaluru — A government portal designed to support apprenticeships in India has become the latest target of cybercriminals. Hackers reportedly accessed the site and changed the bank details of several registered candidates, redirecting their stipend payments into unauthorized accounts.

The breach took place on the apprenticeshipindia.gov.in website, which is managed by the Ministry of Skill Development and Entrepreneurship. The platform is used by students and job seekers to apply for apprenticeship programs and receive government-backed financial support. Employers also use the site to onboard trainees and apply for partial stipend reimbursements under the National Apprenticeship Promotion Scheme (NAPS).

The issue came to light after a Bengaluru-based training institute, Cadmaxx Solution Education Trust, filed a complaint with the cybercrime police. According to Arun Kumar D, the organization’s CEO and director, the hacking activity spanned several months between January 3 and July 4, during which the attackers managed to manipulate banking information for six enrolled candidates.

Once the fraudulent bank account numbers were entered into the portal, the stipend funds were transferred to accounts held with HDFC Bank, State Bank of India, Axis Bank, and NSDL Payments Bank. The total amount diverted was ₹1,46,073, according to the complaint.

The cybercrime division in West Bengaluru registered an official case on July 26. Police have charged the unidentified perpetrators under multiple sections of the Information Technology Act, including those related to data tampering, unauthorized system access, and identity theft.

A senior officer involved in the case said investigators are working to trace the flow of funds by gathering account details from the banks involved. They are also reviewing server logs and IP addresses to understand how the portal was accessed whether it was through an external cyberattack or due to internal misuse.

Authorities mentioned that, if necessary, the matter will be escalated to CERT-In (Indian Computer Emergency Response Team), which handles major cybersecurity incidents at the national level.

This incident raises serious concerns about the protection of financial and personal data on public service websites, especially those used by students and job seekers. It also highlights the growing trend of hackers targeting official government platforms to exploit funding systems.

Read more »
Neblio Technologies
Bengaluru Firm Business Security Crypto Fraud Cyber Crime Neblio Technologies

Hackers Stole 384 Crore From Bengaluru Cryptocurrency Firm

 

In what is arguably the biggest cyberattack on an Indian cryptocurrency company, Neblio Technologies Private Limited, located in Bengaluru, was allegedly robbed off Rs. 384 crore. The company owns CoinDCX, a cryptocurrency exchange platform.

The company claims that someone hacked Neblio's wallet and transferred $44 million (roughly Rs. 384 crore). An employee named Rahul Agarwal is at the focus of this inquiry since his laptop was hijacked to facilitate the alleged transfer. 

Authorities investigating cybercrime are currently looking into the occurrence. When Hardeep Singh, Vice-President, Public Policy and Government Affairs, Neblio Technologies, learnt that the company's wallet had been compromised, the theft became apparent. Around 2.37 a.m. on July 19, cryptocurrency valued at Rs. 384 crore ($44 billion) was transferred to six separate accounts. 

The company's internal investigation found that Rahul Agarwal's laptop had been compromised. Investigators discovered that Agarwal's personal account had received a transfer of Rs. 15 lakh. Agarwal stated he was working a part-time job when questioned.

In his complaint, Singh said that Agarwal had been expressly told not to use the laptop for any other reason and that it was only to be used for official business. Singh believes Agarwal may have conspired with unidentified individuals to execute the hack, according to police sources.

“As the matter is currently under active investigation by the relevant authorities, we are unable to share further details at this point to ensure the integrity of the process is not compromised. We urge the media and the public to avoid speculation or the circulation of unverified information, as it may impede the ongoing investigation,” a Nebilo spokesperson stated. 

Police are still investigating the cyber robbery, which is among the largest crypto thefts reported in India. This incident illustrates crypto companies' increased vulnerability to high-stakes cyberattacks as use grows.
Read more »
United States
Cyber Crime Extradition Federal Agency Ransomware attack United States

Armenian Man Extradited to US After Targeting Oregon Tech Firm

 

The Justice Department said Wednesday last week that an Armenian national is in federal custody on charges related to their alleged involvement in a wave of Ryuk ransomware attacks in 2019 and 2020. On June 18, Karen Serobovich Vardanyan, 33, was extradited to the United States from Ukraine. 

On June 20, he appeared in federal court and pleaded not guilty to the allegations. The seven-day jury trial Vardanyan is awaiting is set to start on August 26. The prosecution charged Vardanyan with conspiracy, computer-related fraud, and computer-related extortion Each charge carries a maximum penalty of five years in federal prison and a $250,000 fine. 

Vardanyan and his accomplices, who include 45-year-old Levon Georgiyovych Avetisyan of Armenia and two 53-year-old Ukrainians, Oleg Nikolayevich Lyulyava and Andrii Leonydovich Prykhodchenko, are charged with gaining unauthorised access to computer networks in order to install Ryuk ransomware on hundreds of compromised workstations and servers between March 2019 and September 2020. 

Lyulyava and Prykhodchenko are still at large, while Avetisyan is in France awaiting a request for extradition from the United States. According to authorities, the Ryuk ransomware was widespread in 2019 and 2020, infecting thousands of people worldwide in the private sector, state and local governments, local school districts, and critical infrastructure. 

Among these are a series of assaults on American hospitals and a technology company in Oregon, where Vardanyan is the subject of a trial by federal authorities. Ryuk ransomware attacks have affected Hollywood Presbyterian Medical Centre, Universal Health Services, Electronic Warfare Associates, a North Carolina water company, and several U.S. newspapers. 

Ryuk ransomware operators extorted victim firms by demanding Bitcoin ransom payments in exchange for decryption keys. According to Justice Department officials, Vardanyan and his co-conspirators received approximately 1,160 bitcoins in ransom payments from victim companies, totalling more than $15 million at the time.
Read more »
User Privacy
Cyber Crime Data Leak Fraud Campaign Southeast Asia User Privacy

Asia is a Major Hub For Cybercrime, And AI is Poised to Exacerbate The Problem

 

Southeast Asia has emerged as a global hotspot for cybercrimes, where human trafficking and high-tech fraud collide. Criminal syndicates operate large-scale "pig butchering" operations in nations like Cambodia and Myanmar, which are scam centres manned by trafficked individuals compelled to defraud victims in affluent markets like Singapore and Hong Kong. 

The scale is staggering: one UN estimate puts the global losses from these scams at $37 billion. And things may soon get worse. The spike in cybercrime in the region has already had an impact on politics and policy. Thailand has reported a reduction in Chinese visitors this year, after a Chinese actor was kidnapped and forced to work in a Myanmar-based scam camp; Bangkok is now having to convince tourists that it is safe to visit. Singapore recently enacted an anti-fraud law that authorises law enforcement to freeze the bank accounts of scam victims. 

But why has Asia become associated with cybercrime? Ben Goodman, Okta's general manager for Asia-Pacific, observes that the region has several distinct characteristics that make cybercrime schemes simpler to carry out. For example, the region is a "mobile-first market": popular mobile messaging apps including WhatsApp, Line, and WeChat promote direct communication between the fraudster and the victim. 

AI is also helping scammers navigate Asia's linguistic variety. Goodman observes that machine translations, although a "phenomenal use case for AI," can make it "easier for people to be baited into clicking the wrong links or approving something.” Nation-states are also becoming involved. Goodman also mentions suspicions that North Korea is hiring fake employees at major tech companies to acquire intelligence and bring much-needed funds into the isolated country. 

A new threat: Shadow AI 

Goodman is concerned about a new AI risk in the workplace: "shadow" AI, which involves individuals utilising private accounts to access AI models without firm monitoring. That could be someone preparing a presentation for a company review, going into ChatGPT on their own personal account, and generating an image.

This can result in employees unintentionally submitting private information to a public AI platform, creating "potentially a lot of risk in terms of information leakage. The lines separating your personal and professional identities may likewise be blurred by agentic AI; for instance, something associated with your personal email rather than your business one. 

And this is when it gets tricky for Goodman. Because AI agents have the ability to make decisions on behalf of users, it's critical to distinguish between users acting in their personal and professional capacities. “If your human identity is ever stolen, the blast radius in terms of what can be done quickly to steal money from you or damage your reputation is much greater,” Goodman warned.
Read more »
Russia
Bitcoin Crypto Mining Cyber Crime electricity Russia

Hidden Crypto Mining Operation Found in Truck Tied to Village Power Supply

 


In a surprising discovery, officials in Russia uncovered a secret cryptocurrency mining setup hidden inside a Kamaz truck parked near a village in the Buryatia region. The vehicle wasn’t just a regular truck, it was loaded with 95 mining machines and its own transformer, all connected to a nearby power line powerful enough to supply an entire community.


What Is Crypto Mining, and Why Is It Controversial?

Cryptocurrency mining is the process of creating digital coins and verifying transactions through a network called a blockchain — a digital ledger that can’t be altered. Computers solve complex calculations to keep this system running smoothly. However, this process demands huge amounts of electricity. For example, mining the popular coin Bitcoin consumes more power in a year than some entire countries.


Why Was This Setup a Problem?

While mining can help boost local economies and create tech jobs, it also brings risks, especially when done illegally. In this case, the truck was using electricity intended for homes without permission. The unauthorized connection reportedly caused power issues like low voltage, grid overload, and blackouts for local residents.

The illegal setup was discovered during a routine check by power inspectors in the Pribaikalsky District. Before law enforcement could step in, two people suspected of operating the mining rig escaped in a vehicle.


Not the First Incident

This wasn’t an isolated case. Authorities report that this is the sixth time this year such theft has occurred in Buryatia. Due to frequent power shortages, crypto mining is banned in most parts of the region from November through March. Even when allowed, only approved companies can operate in designated areas.


Wider Energy and Security Impacts

Crypto mining operations run 24/7 and demand a steady flow of electricity. This constant use strains power networks, increases local energy costs, and can cause outages when grids can’t handle the load. Because of this, similar mining restrictions have been put in place in other regions, including Irkutsk and Dagestan.

Beyond electricity theft, crypto mining also has ties to cybercrime. Security researchers have reported that some hacking groups secretly install mining software on infected computers. These programs run quietly, often at night, using stolen power and system resources without the owner’s knowledge. They can also steal passwords and disable antivirus tools to remain undetected.


The Environmental Cost

Mining doesn’t just hurt power grids — it also affects the environment. Many mining operations use electricity from fossil fuels, which contributes to pollution and climate change. Although a study from the University of Cambridge found that over half of Bitcoin mining now uses cleaner sources like wind, nuclear, or hydro power, a significant portion still relies on coal and gas.

Some companies are working to make mining cleaner. For example, projects in Texas and Bhutan are using renewable energy to reduce the environmental impact. But the challenge remains, crypto mining’s hunger for energy has far-reaching consequences.

Read more »
North Korea
AI Artificial Intelligence Cloud Cyber Crime Data Deepfakes Extortion Internet lazarus North Korea

Amid Federal Crackdown, Microsoft Warns Against Rising North Korean Jobs Scams

Amid Federal Crackdown, Microsoft Warns Against Rising North Korean Jobs Scams

North Korean hackers are infiltrating high-profile US-based tech firms through scams. Recently, they have even advanced their tactics, according to the experts. In a recent investigation by Microsoft, the company has requested its peers to enforce stronger pre-employment verification measures and make policies to stop unauthorized IT management tools. 

Further investigation by the US government revealed that these actors were working to steal money for the North Korean government and use the funds to run its government operations and its weapons program.  

US imposes sanctions against North Korea

The US has imposed strict sanctions on North Korea, which restrict US companies from hiring North Korean nationals. It has led to threat actors making fake identities and using all kinds of tricks (such as VPNs) to obscure their real identities and locations. This is being done to avoid getting caught and get easily hired. 

Recently, the threat actors have started using spoof tactics such as voice-changing tools and AI-generated documents to appear credible. In one incident, the scammers somehow used an individual residing in New Jersey, who set up shell companies to fool victims into believing they were paying a legitimate local business. The same individual also helped overseas partners to get recruited. 

DoJ arrests accused

The clever campaign has now come to an end, as the US Department of Justice (DoJ) arrested and charged a US national called Zhenxing “Danny” Wanf with operating a “year-long” scam. The scheme earned over $5 million. The agency also arrested eight more people - six Chinese and two Taiwanese nationals. The arrested individuals are charged with money laundering, identity theft, hacking, sanctions violations, and conspiring to commit wire fraud.

In addition to getting paid in these jobs, which Microsoft says is a hefty payment, these individuals also get access to private organization data. They exploit this access by stealing sensitive information and blackmailing the company.

Lazarus group behind such scams

One of the largest and most infamous hacking gangs worldwide is the North Korean state-sponsored group, Lazarus. According to experts, the gang extorted billions of dollars from the Korean government through similar scams. The entire campaign is popular as “Operation DreamJob”. 

"To disrupt this activity and protect our customers, we’ve suspended 3,000 known Microsoft consumer accounts (Outlook/Hotmail) created by North Korean IT workers," said Microsoft.

Read more »
Subscribe to: Comments (Atom)