top of page
ALL POSTS
Global SocGholish Takedown: Nearly 15,000 WordPress Sites Cleaned in Major Operation
Key Findings Operation EndGame, a coordinated international law enforcement action, dismantled SocGholish infrastructure on June 18, 2026 106 servers and domains taken down globally; 14,971 compromised WordPress sites remediated Law enforcement from Netherlands, Canada, United States, and Germany executed the coordinated takedown with support from Europol SocGholish serves as initial access broker for major ransomware families including LockBit, RansomHub, and WastedLocker Be
Jun 193 min read
Conti Ransomware Member's Guilty Plea Signals Breakthrough in Global Cybercrime Crackdown
Key Findings Ukrainian national Oleksii Oleksiyovych Lytvynenko pleaded guilty to wire fraud conspiracy related to Conti ransomware operations Conti attacked over 1,000 organizations across 47 U.S. states and 31 countries from 2020 to 2022, extorting at least $150 million Lytvynenko joined the conspiracy in September 2021 and developed malware used in the attacks He faces up to 20 years in prison with sentencing scheduled for September 10, 2026 Authorities continue pursuing f
Jun 133 min read
International Law Enforcement Smashes Major Cybercrime Operations
Key Findings French-led international operation dismantled a major counterfeit document production facility in Alicante, Spain Police seized approximately 800 forged European documents, professional production equipment, and a transport vehicle The facility supplied fake credentials to migrant smuggling networks across Europe, enabling border evasion and illegal residence claims Coordinated enforcement action disrupted critical infrastructure used by organized crime groups Eu
Jun 52 min read
Global Law Enforcement Dismantles First VPN Used by 25 Ransomware Groups in Historic Takedown
Key Findings First VPN Service, a criminal VPN operating since 2014, was dismantled in a coordinated international operation led by France and the Netherlands At least 25 ransomware groups used the service to conduct attacks, including network reconnaissance, data theft, fraud, and denial-of-service operations The takedown involved 16 countries and resulted in the seizure of 33 servers across 27 countries and the shutdown of associated domains First VPN marketed itself specif
May 223 min read
Operation PowerOFF: 75,000 DDoS-for-Hire Service Users Identified and Warned
Key Findings Law enforcement from 21 countries completed a major crackdown on DDoS-for-hire services on April 13, 2026, resulting in 4 arrests and seizure of 53 web domains Over 75,000 warning letters and emails were sent to users of illegal DDoS services, targeting young people and hobbyists Authorities identified details on more than 3 million criminal user accounts during the investigation Operation PowerOFF deployed innovative enforcement tactics including Google ads and
Apr 192 min read
Operation PowerOFF Takes Down 53 DDoS Domains, Reveals 3 Million Criminal Accounts
Key Findings 53 DDoS-for-hire domains seized across 21 countries in coordinated operation Four suspects arrested in connection with commercial DDoS services Databases containing over 3 million criminal user accounts accessed More than 75,000 cybercriminals identified and warned via email and letters 25 search warrants issued as part of ongoing investigation Operation PowerOFF demonstrates escalating law enforcement focus on dismantling DDoS infrastructure Background Operation
Apr 173 min read
Law Enforcement's Mass Surveillance Through Ad Data: The Webloc Tracking of 500 Million Devices
Key Findings Webloc, an ad-based geolocation surveillance system, tracks up to 500 million mobile devices globally without warrant requirements Law enforcement agencies in the U.S., Hungary, and El Salvador have deployed the tool, including ICE, DHS, and local police departments across multiple cities The system accesses device identifiers, location coordinates, and personal data harvested from mobile apps and digital advertising networks Israeli company Cobwebs Technologies
Apr 113 min read
Operation Alice: Police Dismantle 373,000 Dark Web Sites in Massive CSAM Crackdown
Key Findings Single operator in China ran 373,000 fraudulent dark web sites offering CSAM and cybercrime services Operation Alice, led by German authorities with support from 23 countries, dismantled the network from March 9-19, 2026 Law enforcement seized 105 servers, identified 440 customers worldwide, and issued international arrest warrant for 35-year-old suspect Operator earned over €345,000 from roughly 10,000 customers through fake "packages" priced between €17 and €21
Mar 234 min read
DoJ Dismantles Massive IoT Botnet Network Responsible for Global DDoS Attacks
Key Findings DoJ disrupted command-and-control infrastructure for 4 IoT botnets Botnets infected approximately 3 million devices worldwide Attacks measured up to 31.4 Tbps, causing potential massive internet disruption Botnets launched hundreds of thousands of DDoS attack commands Potential suspects include a 23-year-old Canadian and a 15-year-old German Multiple international law enforcement agencies and tech companies collaborated on the operation Background The botnet disr
Mar 202 min read
SocksEscort Proxy Network Dismantled by Federal Authorities in Global Fraud Crackdown
Key Findings * International law enforcement dismantled SocksEscort proxy network * Network compromised approximately 369,000 IP addresses worldwide * Cybercriminals used service to route fraudulent activities and hide identity * $3.5 million in cryptocurrency seized * Infected over 8,000 home and small business routers * Caused millions in financial losses across multiple victims Background SocksEscort operated as a malicious proxy service from 2009, systematically infecting
Mar 122 min read
FBI Investigating Breach of Sensitive Surveillance System
Key Findings The FBI is investigating suspicious cyber activity affecting an internal system that stores sensitive data tied to surveillance operations and investigations. The affected system is unclassified but contains law enforcement-sensitive information, including data from legal tools like pen register and trap-and-trace orders, and personally identifiable information linked to investigations. The FBI has identified and addressed the suspicious activities, using all ava
Mar 72 min read
Microsoft's BitLocker Encryption Keys Shared with the FBI
Key Findings The FBI obtained BitLocker encryption keys from Microsoft to access encrypted data on laptops seized during a fraud investigation in Guam. Microsoft provides these recovery keys to law enforcement when presented with a valid legal order, as the keys are often backed up to users' Microsoft accounts by default. This practice raises privacy concerns, as it allows authorities to bypass the encryption meant to protect users' data, even if the device owner has not know
Jan 252 min read
Europol Disrupts Black Axe Cybercrime in Spain
Europol Raids Disrupt Black Axe Cybercrime Ring in Spain Key Findings: International law enforcement agencies have dealt a major blow to the criminal network known as Black Axe. 34 people were arrested across Spain, with the majority in Seville. Black Axe is a large, organized criminal group originating in West Africa, with an estimated 30,000 members worldwide. The group is known for online fraud schemes, including romance scams, phishing, and business email compromise (BEC)
Jan 112 min read
bottom of page
