From Hive to Genesis: 7 Cyber Operations that Beat Crime in 2023

Brother

The dismantling of Hive, the takedown of ALPHV's systems and other victories of the police over evil in the past year.

In 2023 we witnessed numerous law enforcement operations aimed at combating cybercrime, including cryptocurrency fraud, phishing attacks, identity theft, malware development, and ransomware attacks.

While some of these operations have been more successful than others, law enforcement agencies are increasingly using hacking tactics to break into criminals' infrastructure and track their activities.

Below is a list of the largest operations, in chronological order.

Hive ransomware stopped operating after the FBI hacked the group's systems
The US Department of Justice and Europol announced that, in an international law enforcement operation, agents covertly penetrated the Hive group's infrastructure in July 2022 and then secretly monitored the cybercriminals for 6 months.

In January 2023, the FBI seized the Tor payment and data leak sites of the Hive ransomware operation. It is believed that the group's members rebranded as Hunters International after a short break in their activity.

The police hacked the "secure" messaging platform Exclu to monitor criminals
The German police began investigating Exclu in 2020, after the shutdown of the German Internet service provider "CyberBunker" (CB3ROB), which hosted a number of criminal sites, including The Pirate Bay and Exclu. During the operation, the police carried out 79 targeted searches in the Netherlands, Germany and Belgium and arrested 42 people.

DoppelPaymer ransomware gang targeted in Europol operation
During the Europol operation, the homes of suspected key members of the DoppelPaymer ransomware gang were searched.

Police seized the NetWire Trojan's infrastructure and arrested its administrator
An international law enforcement operation involving the FBI and police agencies around the world led to the arrest of a suspect who had allegedly operated a website selling the NetWire Remote Access Trojan (RAT) for several years. During the operation, the service's domain and hosting servers were also seized.

NetWire was a RAT advertised as a legitimate remote administration tool for Windows. Since at least 2014, NetWire had been a preferred tool for various malicious activities, including phishing, BEC attacks, and intrusions into corporate networks.

UK police set up fake DDoS-for-hire sites to identify cybercriminals
As part of Operation PowerOFF, UK law enforcement agencies created several fake "DDoS-for-hire" websites to identify cybercriminals who use such platforms to attack organizations.

Several thousand people accessed the fake sites, which imitated real DDoS-for-hire services. Instead of providing DDoS attack tools, however, the sites collected information about those who wanted to use such services.

The United States seized $112 million from cryptocurrency investment fraudsters
The US Department of Justice seized 6 virtual currency accounts holding more than $112 million in funds stolen through cryptocurrency investment schemes. The Department of Justice said that the stolen cryptocurrency will be returned to all victims.

Fraudsters running the "pig butchering" scheme reach out to their victims through dating sites, instant messengers, or social networks, gain their trust, and introduce them to investment schemes that ultimately let the fraudsters empty the targets' crypto wallets.

Genesis Market stolen-credential marketplace seized in Operation Cookie Monster
The domains and infrastructure of Genesis Market, one of the most popular marketplaces for stolen credentials of all types, were seized by law enforcement as part of Operation Cookie Monster.

The complete Genesis Market database consisted of 1.5 million bots, providing more than 2 million identities. At the time of the takedown, more than 460,000 bots were on sale. In total, the platform offered about 80 million credentials and digital fingerprints.

Arrests of 288 drug sellers and buyers on the darknet
An international law enforcement operation codenamed "SpecTor" led to the arrests of 288 suppliers and their customers worldwide, with police seizing €50.8 million ($55.9 million) in cash and cryptocurrency.

The sellers operated on a marketplace known as "Monopoly Market", where banned substances were sold to buyers around the world in exchange for Bitcoin and Monero. In addition, Milomir Desnica, a 33-year-old citizen of Croatia and Serbia, was charged with creating and running Monopoly Market, which earned about $18 million from drug sales. In court, he received a life sentence.

The FBI seized 9 crypto exchanges used to launder ransom payments from ransomware victims
During the operation, 9 cryptocurrency exchanges that facilitated money laundering by cybercriminals, including ransomware operators, were taken down. The exchanges were in high demand among criminals because they imposed no anti-money-laundering restrictions and collected minimal or no customer information at all.

The FBI seized BreachForums after the arrest of forum owner Pompompurin
US law enforcement agencies seized the domain of the notorious hacker forum BreachForums (Breached) 3 months after the arrest of its owner, Conor Fitzpatrick (Pompompurin), on cybercrime charges.

The EncroChat hack resulted in more than 6,600 arrests and the confiscation of $979 million
According to Europol, the closure of EncroChat in July 2020 resulted in 6,558 arrests worldwide and the confiscation of €900 million in illicit proceeds of crime. EncroChat phones ran a special, customized version of Android that promised users strong encryption, anonymity and untraceability.

In 2020, European law enforcement agencies quietly penetrated the EncroChat platform and, after breaking its encryption, were able to analyze millions of messages exchanged by its users.

After analyzing 15 million conversations between approximately 60,000 users of the platform, the police arrested 6,558 EncroChat users, including 197 high-profile individuals. The data also allowed the police to find and confiscate 270 tons of drugs, almost 1,000 cars, hundreds of properties, as well as weapons, explosives, planes and boats.

Qakbot botnet eliminated after infecting more than 700,000 computers
The FBI destroyed the infrastructure of the Qakbot botnet (Qbot) and released a tool to remove malware from infected devices.

According to conservative estimates, the botnet has been linked to at least 40 ransomware attacks on companies, medical facilities, and government agencies around the world, causing hundreds of millions of dollars in damage. In the last 18 months alone, losses have exceeded $58 million.

Over the years, Qakbot consistently served as the initial infection vector for various ransomware groups. However, the success of the law enforcement operation may be short-lived, as it has already been reported that Qakbot is rebuilding its botnet.

Police reveal group behind ransomware attacks in 71 countries
In a joint operation with Europol, law enforcement agencies from 7 countries arrested key members of a cybercrime group that distributed ransomware and was responsible for attacks on organizations in 71 countries. Members of this criminal network performed a variety of roles, including breaking into IT networks and laundering cryptocurrency.

The FBI disrupted the BlackCat ransomware operation and created a decryption tool
Having gained access to ALPHV's infrastructure, the FBI monitored the ransomware operation for several months, siphoning off decryption keys and passing them to victims.

3,500 arrests in 34 countries: Interpol dismantled an international network of online fraudsters
The international law enforcement operation "Operation HAECHI IV", targeting online financial crime, led to the arrest of almost 3,500 people and the confiscation of assets worth $300 million in 34 countries. The six-month operation involved countries in Asia, Africa, Europe, North America and Oceania.

The operation targeted seven types of cyber fraud: voice phishing (vishing), romance scams, extortion, investment fraud, money laundering linked to illegal online gambling, business email compromise (BEC) fraud, and e-commerce fraud.

German police shut down the Kingdom Market darknet marketplace
German law enforcement agencies carried out a successful operation to seize the servers of the Kingdom Market darknet marketplace, known for selling drugs, malware, forged documents and other tools for cybercriminals.

The Kingdom Market server infrastructure is currently being analyzed to identify the individuals behind the site's operation. Police say 42,000 items were listed for sale on the market, 3,600 of them from Germany.