Russian police arrest 300 in major crypto scam bust

Russian authorities have arrested over 300 individuals in Moscow during a major crackdown on an alleged international cryptocurrency scam ring. The Ministry of Internal Affairs revealed that the group operated several fraudulent call centres, using around 500 workstations to target victims in over 20 countries. The suspects reportedly persuaded individuals to invest in fake cryptocurrency platforms before disappearing with their funds.

Investigators believe the ring was tied to a broader international network led by Yegor Burkin, a fugitive associated with the Khimprom organised crime group, also known for drug smuggling activities. Police claimed that some stolen funds may have been used to support the Ukrainian Armed Forces, adding a geopolitical angle to the case.

Officials highlighted the increasing sophistication of crypto scams, with fraudsters using spoofed phone numbers, fake documents, and professional terminology to appear legitimate. The Ministry warned that such scams are on the rise, with many targeting foreign nationals and employing multilingual staff to reach victims worldwide.

California court orders $5 million in Ponzi scheme penalties

A California court has ordered five individuals to pay over $5 million for their roles in the IcomTech Ponzi scheme. Between 2018 and 2019, the scheme defrauded investors through a fake Bitcoin trading platform. IcomTech promised 100% returns every six weeks, ultimately misappropriating $8.4 million of victims’ funds.

The group, led by founder David Carmona, lured over 190 investors with lavish expos and false claims of wealth. The court found them guilty of violating the Commodity Exchange Act and Commodity Futures Trading Commission (CFTC) regulations. Each was fined $1 million and banned from trading in CFTC-regulated markets.

In addition to financial penalties, the individuals received prison sentences ranging from five to ten years. The CFTC emphasised the importance of protecting investors from such schemes, urging vigilance in the cryptocurrency sector.

Australian Federal Police leverage AI for investigations

The Australian Federal Police (AFP) is increasingly turning to AI to handle the vast amounts of data it encounters during investigations. With investigations involving up to 40 terabytes of data on average, AI has become essential in sifting through information from sources like seized phones, child exploitation referrals, and cyber incidents. Benjamin Lamont, AFP’s manager for technology strategy, emphasised the need for AI, given the overwhelming scale of data, stating that AI is crucial to help manage cases, including reviewing massive amounts of video footage and emails.

The AFP is also working on custom AI solutions, including tools for structuring large datasets and identifying potential criminal activity from old mobile phones. One such dataset is a staggering 10 petabytes, while individual phones can hold up to 1 terabyte of data. Lamont pointed out that AI plays a crucial role in making these files easier for officers to process, which would otherwise be an impossible task for human investigators alone. The AFP is also developing AI systems to detect deepfake images and protect officers from graphic content by summarising or modifying such material before it’s viewed.

While the AFP has faced criticism over its use of AI, particularly for using Clearview AI for facial recognition, Lamont acknowledged the need for continuous ethical oversight. The AFP has implemented a responsible technology committee to ensure AI use remains ethical, emphasising the importance of transparency and human oversight in AI-driven decisions.

Former WEX head detained in Warsaw

Polish authorities have detained Dmitry V., the former head of Russia’s crypto exchange WEX, in Warsaw following an extradition request from the US Department of Justice. During his tenure at WEX, Dmitry V. was suspected of fraud and money laundering. He is facing potential extradition to the US, where charges could carry a maximum 20-year prison sentence.

Dmitry V. has been linked to WEX, a successor to BTC-e, once Russia’s largest cryptocurrency platform before its collapse in 2018. The exchange was infamous for lax identity checks and ties to high-profile crypto hacks, including the Mt. Gox breach. Around $450 million remains unaccounted for from WEX, which had processed over $9 billion in transactions during its operation.

This is not Dmitry V.’s first arrest; he was previously detained in Poland in 2021 and later apprehended by Interpol in Croatia in 2022. His history also includes a 2019 arrest in Italy, which was short-lived due to errors in the extradition process.

Pavel Durov faces Paris court over Telegram allegations

Pavel Durov, founder of Telegram, appeared in a Paris court on 6 December to address allegations that the messaging app has facilitated criminal activity. Represented by his lawyers, Durov reportedly stated he trusted the French justice system but declined to comment further on the case.

The legal proceedings stem from charges brought against Durov in August, accusing him of running a platform that enables illicit transactions. Following his arrest at Le Bourget airport, he posted a $6 million bail and has been barred from leaving France until March 2025. If convicted, he could face up to 10 years in prison and a fine of 500,000 euros.

Industry experts fear the case against Durov reflects a broader crackdown on privacy-preserving technologies in the Web3 space. Parallels have been drawn with the arrest of Tornado Cash developer Alexey Pertsev, raising concerns over government overreach and the implications for digital privacy.

Blue Yonder hit by data theft in cyberattack

Supply chain software company Blue Yonder is investigating claims of data theft after the ‘Termite’ ransomware group threatened to release stolen data. The Arizona-based company, which serves major clients like DHL, Starbucks, and Walgreens, was hit by a ransomware attack on 21 November. While Blue Yonder initially confirmed a cyberattack, it did not disclose the perpetrators.

The Termite group, which recently claimed responsibility for the breach on its dark web leak site, says it stole 680 gigabytes of data, including documents, reports, and email lists. The group, believed to be a rebranded version of the Babuk ransomware gang, has threatened to release the data soon. Blue Yonder is working with cybersecurity experts to investigate the breach and has notified impacted customers, though it has not confirmed specific details about the stolen data.

The attack has caused operational disruptions for some clients, including UK supermarkets Morrisons and Sainsbury’s, and US company Starbucks, which was forced to manually calculate employee pay. The full extent of the attack on Blue Yonder’s 3,000+ customers remains unclear.

FCC targets cybersecurity in the telecom sector

FCC Chairwoman Jessica Rosenworcel has proposed requiring US communications providers to certify annually that they have plans to defend against cyberattacks. The move comes amid growing concerns over espionage by ‘Salt Typhoon,’ a hacking group allegedly linked to Beijing that has infiltrated several American telecom companies to steal call data.

Rosenworcel highlighted the need for a modern framework to secure networks as US intelligence agencies assess the impact of Salt Typhoon’s widespread attack. A senior US official confirmed the hackers had stolen metadata from numerous Americans, breaching at least eight telecom firms.

The FCC proposal, which Rosenworcel has circulated to other commissioners, would take effect immediately if approved. The announcement follows a classified Senate briefing on the breach, but industry giants like Verizon, AT&T, and T-Mobile have yet to comment.

Tensions rise over alleged election interference in Romania

Romania has been subjected to ‘aggressive hybrid Russian attacks’ during a series of recent elections, according to declassified documents from the country’s security council. The revelations come ahead of a presidential runoff between pro-Russian far-right candidate Calin Georgescu and pro-European centrist Elena Lasconi. Georgescu’s unexpected rise, attributed in part to coordinated promotion on TikTok, has raised alarms in this European Union and NATO member state.

Romanian intelligence reported over 85,000 cyber attacks exploiting vulnerabilities, including the publication of election website access data on Russian cybercrime platforms. The attacks persisted on election day and beyond, with officials concluding they stemmed from resources typical of a state actor. Russia has denied any involvement in the election.

If Georgescu wins, his anti-NATO stance and opposition to aiding Ukraine could isolate Romania from Western allies, marking a significant geopolitical shift. The alleged cyber campaigns have intensified concerns about election integrity in the region, drawing attention to the role of foreign interference in shaping democratic outcomes.

Axiado aims to block cyberattacks with hardware innovation

With organisations facing an average of 1,300 cyberattacks per week, Axiado is stepping up with a novel defence: a specialised security chip designed to protect digital infrastructure. Founded in 2017, the Silicon Valley-based startup recently secured $60M in Series C funding led by Maverick Silicon, with participation from Samsung Catalyst Fund and other investors. This brings Axiado’s total funding to $140M.

Axiado’s chip defends against boot-level and runtime security threats, ensuring the integrity of devices from data centres to 5G base stations. It uses root-of-trust technology to prevent hardware tampering and leverages AI-powered analytics to detect malicious data patterns. The company’s chip is positioned as a complement to existing software-based cybersecurity measures, acting as a last line of defence against sophisticated attacks.

The new funds will support Axiado’s go-to-market efforts and help transition its products into mass production by 2025. CEO Gopi Sirineni highlights the growing need for hardware-based security solutions, particularly as the stakes rise in the fight against cybercrime. With partnerships like the one with Jabil to develop server cybersecurity solutions, Axiado is set to expand its reach while competing with industry heavyweights and open-source projects such as Google’s OpenTitan.

Europol takes down encrypted messaging service ‘designed by criminals for criminals’

European authorities have dismantled a sophisticated encrypted messaging app called Matrix, allegedly designed ‘by criminals for criminals,’ according to Europol. Discovered on the phone of a suspect involved in the 2021 murder of a Dutch journalist, Matrix was accessible by invitation only, hosted on 40 servers across multiple countries, and provided features like anonymous internet access, video calls, and transaction tracking. Subscription costs ranged from €1,300 to €1,600 for six months.

During a three-month investigation, authorities intercepted and analysed over 2.3 million messages exchanged on the platform in 33 languages. These communications revealed links to major crimes, including international drug and arms trafficking, as well as money laundering. The operation, led by law enforcement in the Netherlands, France, Lithuania, Italy, and Spain, resulted in the seizure of €145,000 in cash and half a million euros in cryptocurrency.

This takedown follows similar actions against encrypted platforms such as Ghost, Exclu, and EncroChat, highlighting a trend of criminals adopting smaller, more complex communication services. Europol emphasised that these platforms are increasingly used for illicit activities, while Dutch authorities warned that serious criminals ‘wrongly believe they can still operate in secret.’

Arrests were made in France and Spain, while main servers were seized in France and Germany, signalling an intensified effort to disrupt organised crime networks.