Former WEX head detained in Warsaw

Polish authorities have detained Dmitry V., the former head of Russia’s crypto exchange WEX, in Warsaw following an extradition request from the US Department of Justice. During his tenure at WEX, Dmitry V. was suspected of fraud and money laundering. He is facing potential extradition to the US, where charges could carry a maximum 20-year prison sentence.

Dmitry V. has been linked to WEX, a successor to BTC-e, once Russia’s largest cryptocurrency platform before its collapse in 2018. The exchange was infamous for lax identity checks and ties to high-profile crypto hacks, including the Mt. Gox breach. Around $450 million remains unaccounted for from WEX, which had processed over $9 billion in transactions during its operation.

This is not Dmitry V.’s first arrest; he was previously detained in Poland in 2021 and later apprehended by Interpol in Croatia in 2022. His history also includes a 2019 arrest in Italy, which was short-lived due to errors in the extradition process.

Pavel Durov faces Paris court over Telegram allegations

Pavel Durov, founder of Telegram, appeared in a Paris court on 6 December to address allegations that the messaging app has facilitated criminal activity. Represented by his lawyers, Durov reportedly stated he trusted the French justice system but declined to comment further on the case.

The legal proceedings stem from charges brought against Durov in August, accusing him of running a platform that enables illicit transactions. Following his arrest at Le Bourget airport, he posted a $6 million bail and has been barred from leaving France until March 2025. If convicted, he could face up to 10 years in prison and a fine of 500,000 euros.

Industry experts fear the case against Durov reflects a broader crackdown on privacy-preserving technologies in the Web3 space. Parallels have been drawn with the arrest of Tornado Cash developer Alexey Pertsev, raising concerns over government overreach and the implications for digital privacy.

Blue Yonder hit by data theft in cyberattack

Supply chain software company Blue Yonder is investigating claims of data theft after the ‘Termite’ ransomware group threatened to release stolen data. The Arizona-based company, which serves major clients like DHL, Starbucks, and Walgreens, was hit by a ransomware attack on 21 November. While Blue Yonder initially confirmed a cyberattack, it did not disclose the perpetrators.

The Termite group, which recently claimed responsibility for the breach on its dark web leak site, says it has stolen 680 gigabytes of data, including documents, reports, and email lists. The group, believed to be a rebranded version of the Babuk ransomware gang, has threatened to release the data soon. Blue Yonder is working with cybersecurity experts to investigate the breach and has notified impacted customers, though it has not confirmed specific details about the stolen data.

The attack has caused operational disruptions for some clients, including UK supermarkets Morrisons and Sainsbury’s, and US company Starbucks, which was forced to manually calculate employee pay. The full extent of the attack on Blue Yonder’s 3,000+ customers remains unclear.

FCC targets cybersecurity in the telecom sector

FCC Chairwoman Jessica Rosenworcel has proposed requiring US communications providers to certify annually that they have plans to defend against cyberattacks. The move comes amid growing concerns over espionage by ‘Salt Typhoon,’ a hacking group allegedly linked to Beijing that has infiltrated several American telecom companies to steal call data.

Rosenworcel highlighted the need for a modern framework to secure networks as US intelligence agencies assess the impact of Salt Typhoon’s widespread attack. A senior US official confirmed the hackers had stolen metadata from numerous Americans, breaching at least eight telecom firms.

The FCC proposal, which Rosenworcel has circulated to other commissioners, would take effect immediately if approved. The announcement follows a classified Senate briefing on the breach, but industry giants like Verizon, AT&T, and T-Mobile have yet to comment.

Tensions rise over alleged election interference in Romania

Romania has been subjected to ‘aggressive hybrid Russian attacks’ during a series of recent elections, according to declassified documents from the country’s security council. The revelations come ahead of a presidential runoff between pro-Russian far-right candidate Calin Georgescu and pro-European centrist Elena Lasconi. Georgescu’s unexpected rise, attributed in part to coordinated promotion on TikTok, has raised alarms in this European Union and NATO member state.

Romanian intelligence reported over 85,000 cyberattacks exploiting vulnerabilities, including the publication of election website access data on Russian cybercrime platforms. The attacks persisted on election day and beyond, with officials concluding they stemmed from resources typical of a state actor. Russia has denied any involvement in the election.

If Georgescu wins, his anti-NATO stance and opposition to aiding Ukraine could isolate Romania from Western allies, marking a significant geopolitical shift. The alleged cyber campaigns have intensified concerns about election integrity in the region, drawing attention to the role of foreign interference in shaping democratic outcomes.

Axiado aims to block cyberattacks with hardware innovation

With organisations facing an average of 1,300 cyberattacks per week, Axiado is stepping up with a novel defence: a specialised security chip designed to protect digital infrastructure. Founded in 2017, the Silicon Valley-based startup recently secured $60M in Series C funding led by Maverick Silicon, with participation from Samsung Catalyst Fund and other investors. This brings Axiado’s total funding to $140M.

Axiado’s chip defends against boot-level and runtime security threats, ensuring the integrity of devices from data centres to 5G base stations. It uses root-of-trust technology to prevent hardware tampering and leverages AI-powered analytics to detect malicious data patterns. The company’s chip is positioned as a complement to existing software-based cybersecurity measures, acting as a last line of defence against sophisticated attacks.

The new funds will support Axiado’s go-to-market efforts and help transition its products into mass production by 2025. CEO Gopi Sirineni highlights the growing need for hardware-based security solutions, particularly as the stakes rise in the fight against cybercrime. With partnerships like the one with Jabil to develop server cybersecurity solutions, Axiado is set to expand its reach while competing with industry heavyweights and open-source projects such as Google’s OpenTitan.

Europol takes down encrypted messaging service ‘designed by criminals for criminals’

European authorities have dismantled a sophisticated encrypted messaging app called Matrix, allegedly designed ‘by criminals for criminals,’ according to Europol. Discovered on the phone of a suspect involved in the 2021 murder of a Dutch journalist, Matrix was accessible by invitation only, hosted on 40 servers across multiple countries, and provided features like anonymous internet access, video calls, and transaction tracking. Subscription costs ranged from €1,300 to €1,600 for six months.

During a three-month investigation, authorities intercepted and analysed over 2.3 million messages exchanged on the platform in 33 languages. These communications revealed links to major crimes, including international drug and arms trafficking, as well as money laundering. The operation, led by law enforcement in the Netherlands, France, Lithuania, Italy, and Spain, resulted in the seizure of €145,000 in cash and half a million euros in cryptocurrency.

This takedown follows similar actions against encrypted platforms such as Ghost, Exclu, and EncroChat, highlighting a trend of criminals adopting smaller, more complex communication services. Europol emphasised that these platforms are increasingly used for illicit activities, while Dutch authorities warned that serious criminals ‘wrongly believe they can still operate in secret.’

Arrests were made in France and Spain, while main servers were seized in France and Germany, signalling an intensified effort to disrupt organised crime networks.

US senators briefed on Chinese telecom hacking allegations

US agencies have briefed senators on ‘Salt Typhoon,’ a Chinese cyber-espionage campaign allegedly targeting American telecommunications networks. Officials claim the hackers stole call metadata and other sensitive information, affecting at least eight US telecom firms and dozens of companies worldwide. The breaches have sparked bipartisan concern, with some senators pressing for stronger preventive measures and legislation.

Telecom giants like Verizon, AT&T, and T-Mobile acknowledged the incidents but downplayed the impact on customer data. Federal agencies, including the FBI and Cybersecurity and Infrastructure Security Agency, emphasised the challenge of fully removing hackers from networks, while incoming FCC Chair Brendan Carr pledged to strengthen cybersecurity defences.

China has denied the allegations, calling them disinformation. Meanwhile, a Senate subcommittee hearing on December 11 will focus on the risks posed by such cyber threats and explore ways to protect US communications infrastructure.

US official advises encryption amid alleged Chinese hacking efforts

A senior United States cybersecurity official has urged Americans to embrace encryption to safeguard their communications, citing ongoing efforts to expel alleged Chinese hackers from US telecom networks. Jeff Greene, Executive Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), emphasised the importance of avoiding plaintext communications and recommended encrypted apps like Signal and WhatsApp.

US authorities have accused hackers from China of infiltrating telecommunications companies, such as T-Mobile, to access sensitive data, including call records and intercepted audio, predominantly from Washington, DC. Beijing has denied the allegations, calling them disinformation. Greene acknowledged that removing the hackers entirely from the networks could take an unpredictable amount of time, further underscoring the need for encryption to ensure secure communications.

The advice marks a notable shift from previous US government positions that questioned strong encryption’s impact on public safety. As concerns over foreign cyber intrusions grow, Greene’s remarks highlight encryption as a critical tool for Americans facing prolonged cybersecurity threats.

Russian court hands life sentence to Hydra founder

The founder of Hydra, a notorious darknet marketplace and crypto mixing service, has been sentenced to life in prison by a Russian court. Stanislav Moiseev and 15 accomplices were convicted of running a criminal network that handled over $5 billion in cryptocurrency transactions, while also producing and selling illegal drugs and psychotropic substances. Moiseev was also fined $38,100, with additional fines imposed on his accomplices.

Hydra, which was dismantled in 2022 by German authorities, accounted for 80% of all darknet-related cryptocurrency transactions at its peak. It sold stolen credit card data, counterfeit currencies, and fake identity documents. Despite its shutdown, Hydra’s criminal operations left a significant mark, with its user base reportedly including 17 million customers and 19,000 vendors.

The sentences include prison terms ranging from eight to 23 years for Moiseev’s accomplices, alongside the seizure of properties, vehicles, and nearly a ton of drugs. Russian officials have been investigating Hydra since 2016, but the convictions are subject to appeal.