Aleksei Andriunin, the founder of cryptocurrency firm Gotbit, has been indicted in the US for alleged involvement in a conspiracy to manipulate cryptocurrency markets. The Justice Department claims that Andriunin and his firm provided market manipulation services to increase artificial trading volumes for various cryptocurrency companies from 2018 to 2024.
The superseding indictment also names Gotbit’s directors, Fedor Kedrov and Qawi Jalili, who were already charged earlier in October. Prosecutors allege that these actions aimed to distort the cryptocurrency markets, with several companies, including some in the United States, reportedly benefitting from these tactics.
If convicted, Andriunin faces significant penalties, with wire fraud charges carrying a potential 20-year prison sentence. He could also face an additional five years for conspiracy charges. The allegations form part of a larger crackdown on crypto market manipulation, which has already led to several arrests and asset seizures worth $25 million.
Recent moves by federal prosecutors highlight a more aggressive stance on crypto-related fraud. They have targeted multiple firms, including Gotbit, and several leaders have already agreed to plead guilty. The crackdown aims to strengthen transparency and curb malpractice in the cryptocurrency market.
Canada’s signals intelligence agency has identified China’s hacking activities as the most significant state-sponsored cyber threat facing the country, according to a new threat assessment. The Communications Security Establishment (CSE) highlighted China’s advanced and aggressive cyber campaigns, describing them as highly sophisticated and primarily targeting political and commercial objectives, including espionage, intellectual property theft, and influence operations. This announcement comes amid strained relations between Ottawa and Beijing, fueled by past allegations of Chinese interference in Canada’s electoral process.
The CSE report also noted that Russia’s cyber operations are active in attempts to destabilise Canada and its allies, while Iran poses an additional cyber threat. These findings underscore the ongoing cyber challenges Canada faces from multiple state actors seeking influence and intelligence. The Chinese embassy in Ottawa has not yet commented on the CSE report, and Beijing has historically rejected similar accusations.
Canadian authorities have grown increasingly vocal about foreign interference, with Prime Minister Justin Trudeau previously accusing China of election meddling. Security experts warn that Canada will need to strengthen defenses as geopolitical tensions continue to heighten cyber risks.
Six Democratic senators have urged the Biden administration to address critical concerns about human rights and cybersecurity in the upcoming United Nations Cybercrime Convention, which is set for a vote at the UN General Assembly. In a letter to top officials, including Secretary of State Antony Blinken and National Security Adviser Jake Sullivan, the senators—Tim Kaine, Jeff Merkley, Ed Markey, Chris Van Hollen, Ron Wyden, and Cory Booker—expressed alarm over the convention’s handling of privacy rights, freedom of expression, and cybersecurity.
The letter warns that the current version of the treaty, supported by US lead negotiator Ambassador Deborah McCarthy, risks aligning the US with repressive regimes under the pretence of cybersecurity. The senators voiced concerns that the treaty, which originated as a Russian proposal in 2017, could enable authoritarian states to legitimise surveillance, suppress dissent, and infringe on human rights globally.
While the Biden administration tried to revise the text, the senators argued that these changes needed revision. The treaty’s provisions require countries to enact laws that allow local law enforcement access to electronic data, threaten privacy rights, and potentially enable surveillance without judicial oversight. The top diplomat warned of serious fallout if the US fails to back the treaty.
The letter also criticises the treaty for lacking clear protections for journalists and security researchers, whose work often involves uncovering vulnerabilities that malicious actors could exploit. The senators warn that this oversight could weaken cybersecurity without explicit safeguards, making sensitive systems more vulnerable to attack.
JP Morgan Chase has initiated lawsuits against customers accused of exploiting a glitch to withdraw large sums from its ATMs. The viral ‘infinite money glitch’ trend on TikTok involved users writing large cheques to themselves, depositing them, and withdrawing the money before the cheques were returned as invalid.
The lawsuits target two individuals and two businesses, demanding the return of funds with interest, reimbursement of overdraft fees, and coverage of legal expenses. In a court filing, JP Morgan revealed that one incident involved a $335,000 cheque deposited on 29 August, with over $290,000 still owed after the cheque was deemed counterfeit.
Bank officials stressed their commitment to fraud prevention, describing bank fraud as a serious crime in court documents. The total amount linked to the defendants in the lawsuits exceeds $660,000. Typically, banks permit customers to withdraw only part of a cheque’s value until it clears.
The Wall Street Journal recently reported that the bank closed the loophole shortly after the glitch went viral. An ongoing investigation by JP Morgan is reviewing thousands of potential fraud cases tied to the incident.
Italian authorities have placed Leonardo Maria Del Vecchio, son of the late billionaire founder of Luxottica, and three others under house arrest as part of a probe into suspected illegal access to state databases. Del Vecchio, whose father created the Ray-Ban eyewear empire, is accused of employing a private intelligence agency, allegedly managed by a former police officer, to gather confidential data. The alleged access was reportedly linked to a family dispute over inheritance.
Del Vecchio’s lawyer, Maria Emanuela Mascalchi, said her client is “eagerly awaiting” the investigation’s conclusion, maintaining he has “nothing to do” with the allegations and is more a victim of the situation. Prosecutors allege that the intelligence agency illegally accessed data from state systems, including tax, police, and financial databases, which were reportedly used to blackmail business figures or sold to third parties.
The probe, which extends back to at least 2019 and continued until March 2024, highlights concerns about a lucrative market for sensitive information in Italy. Italy’s national anti-mafia prosecutor, Giovanni Melillo, remarked that the case has raised alarm over the existence of an underground market for confidential data, now operating on an industrial scale.
This case follows a recent investigation into a significant data breach at Italy’s largest bank, Intesa Sanpaolo, suggesting a wider issue of data misuse in the country.
Delta Air Lines has filed a lawsuit against CrowdStrike in Georgia, accusing the cybersecurity company of causing a global outage in July that disrupted travel for 1.3 million passengers. The airline claims a faulty software update forced by CrowdStrike led to the mass cancellation of 7,000 flights over five days, resulting in losses exceeding $500 million.
The airline alleges that CrowdStrike’s software update caused more than 8.5 million Microsoft Windows-based systems to crash worldwide, affecting multiple industries, including banks and healthcare. Delta insists that better testing could have prevented the failure, criticising CrowdStrike for deploying the update without adequate checks. The incident prompted an investigation by the US Transportation Department.
CrowdStrike has rejected Delta’s claims, calling them ‘misinformation’ and blaming the airline’s outdated IT infrastructure for the extended disruption. It also questioned why Delta was hit harder than other airlines, implying the carrier’s slow recovery reflected deeper internal issues rather than software faults alone.
Delta has been using CrowdStrike’s products since 2022 and argues that it has invested heavily in advanced technology for its operations. In its lawsuit, Delta seeks compensation for direct financial losses, lost profits, legal fees, and damage to its reputation, maintaining that CrowdStrike should be held accountable.
The United States and Nigeria have launched the Bilateral Liaison Group on Illicit Finance and Cryptocurrencies to counter cybercrime and misuse of digital assets. Led by the US Department of Justice and Nigerian authorities, this new initiative aims to strengthen both countries’ capabilities in investigating and prosecuting cyber and crypto-related financial crimes as digital finance expands globally.
The group’s formation comes soon after the release of Tigran Gambaryan, Binance’s head of financial crime compliance, who was detained in Nigeria since February on money laundering charges. His release due to health concerns follows rising tensions, and this new collaboration may help ease strained relations as both nations work toward secure cyberspace operations.
Aligned with US goals for global cyber enforcement, this liaison group aims to streamline coordination between the two countries’ enforcement bodies. This joint effort underscores the importance of cross-border cooperation to address the unique challenges posed by digital assets in the fight against financial crime.
Four members of the REvil ransomware gang were sentenced to prison in Russia for hacking and money laundering. Artem Zayets received 4.5 years, Alexey Malozemov got 5 years, while Daniil Puzyrevsky and Ruslan Khansvyarov were sentenced to 5.5 and 6 years, respectively. Puzyrevsky, considered the leader, may face additional fines.
The St Petersburg Garrison Military Court’s decisions followed arrests of 14 individuals in early 2022, based on US tips, with authorities seizing over 426 million rubles (about $4.38 million), $600,000, and €500,000 in cash, along with cryptocurrency and luxury vehicles. The gang was linked to significant breaches at companies like JBS and Kaseya before disbanding in 2021.
REvil (Ransomware Evil) is ransomware that emerged around 2019. It is known for its sophisticated attacks and targeted operations against various organisations worldwide. It has been allegedly involved in several high-profile cases at the Colonial Pipeline in May 2021, which led to the shutdown of the largest fuel pipeline in the US, causing fuel shortages and panic buying. The company paid approximately $4.4 million in ransom.
Five individuals in Austria have received prison sentences for their roles in a $21.6 million cryptocurrency scam that deceived around 40,000 investors. The fraud, linked to EXW Wallet and EXW token, involved charges of commercial fraud, money laundering, and operating pyramid schemes, marking one of Austria’s largest financial crime cases. The trial, held at the Klagenfurt Regional Court, lasted over 300 hours, with Judge Claudia Bandion-Ortner delivering the sentences.
Two of the defendants were sentenced to five years, while others received shorter terms, with additional perpetrators still on the run. Investigations revealed extravagant spending from the stolen funds, including luxury cars, private jets, and parties in Dubai, as well as a shark tank in a Bali villa. Prosecutors stated that the operation’s scale could reach between €14 million and €120 million, far exceeding original estimates.
Although the defence argued the scheme began with genuine investment intentions, the prosecution maintained it was fraudulent from the start. With appeals expected, the defendants face additional compensation and legal costs, while related investigations continue.
The Australian Competition and Consumer Commission (ACCC) is enhancing its cybersecurity capabilities throughout FY25 as part of a broader strategy to improve compliance and maturity in line with the Australian Cyber Security Centre’s Essential Eight framework. The initiative addresses the ACCC’s expanding regulatory role within Australia’s cybersecurity landscape, particularly with the launch of the national anti-scam centre and digital ID, set to take effect on 1 December.
The ACCC will be responsible for accrediting digital ID services, approving participants in the government’s digital ID service, and enforcing compliance regulations, resulting in a heightened workload and increased resource demand. To tackle these challenges, the ACCC aims to elevate its cybersecurity maturity to level two of the Essential Eight framework, prioritising risk management and improvement initiatives.
To strengthen its cybersecurity posture, the uplift will be supported by leveraging various Microsoft technologies, including Active Directory, Group Policy, Defender, Sentinel, and Intune. Recognising the importance of robust defences against cyber threats, the ACCC is committed to allocating the necessary resources to support its enhanced cybersecurity efforts. By elevating its maturity level and effectively managing emerging risks, the ACCC seeks to ensure the resilience of its operations and safeguard consumer interests in an increasingly complex cyber landscape.
