A six-month-long Interpol-led police operation supported by the South Korean government and law enforcement from over 30 countries worldwide has resulted in the arrest of 3,500 individuals suspected of participation in cyber fraud schemes.

Named “HAECHI IV”, the operation ran from July to December 2023 and targeted multiple types of cyber scams, such as voice phishing, romance scams, online sextortion, investment fraud, money laundering linked to illegal online gambling, business email compromise schemes, and e-commerce fraud.

As part of the operation, authorities blocked 82,112 suspicious bank accounts, seizing a total of $300 million ($199 million in hard currency and $101 million in digital assets). Investment fraud, business email compromise, and e-commerce fraud constituted 75% of the cases investigated, Interpol said in a press release.

During the operation, two Purple Notices were published. The first alert detailed a “rug pull” scam in Korea involving the sale of Non-Fungible Tokens (NFTs). The second Purple Notice warned about the misuse of AI and deep fake technology to make scams more believable.

ImmuniWeb can help prevent data breaches and meet regulatory requirements.
Request your free demo now and talk to our experts.

The US authorities disrupt ALPHV/BlackCat operations and release decryption tool

The US authorities have dismantled dark web sites belonging to the infamous Russian-speaking ALPHV/BlackCat ransomware group, which has victimized over 1,000 entities globally and amassed more than $300 million in ransom payments.

An unsealed search warrant revealed that the FBI obtained information about the BlackCat group's operations through a Confidential Human Source (CHS). This individual responded to a BlackCat ad on a publicly accessible online forum and, after being interviewed by the ransomware actors, became an affiliate with access credentials to the BlackCat affiliate panel.

Using this access, the FBI was able to gain valuable insights into the ransomware gang’s operations and obtain 946 public/private key pairs used to host Tor sites operated by the BlackCat group.

The agency developed a decryption tool to assist victims in restoring their data and saving them from ransom demands totaling nearly $68 million.

NY engineer faces 5 years in prison for stealing millions from two crypto exchanges

In a case marking first-ever conviction for the hack of the smart contract, Shakeeb Ahmed, a 34-year-old senior security engineer from New York, pleaded guilty to computer fraud in connection with the hacks of two separate cryptocurrency exchanges from which he stole millions of dollars in cryptocurrency.

In July 2022, Ahmed, who worked as a senior security engineer and had expertise in reverse engineering smart contracts and blockchain audits, executed attacks on the Nirvana Finance protocol and an unnamed crytpo exchange.

In the case of Nirvana, Ahmed leveraged a flash loan of $10 million to purchase Nirvana’s tokens, ANA, at its initial low price, exploiting vulnerabilities in Nirvana's smart contracts. He then re-sold tokens at a higher price, yielding nearly $3.6 million. Although Nirvana offered a bug bounty, Ahmed demanded $1.4 million, leading to a deadlock in negotiations and the subsequent shutdown of the company.

In a separate attack, Ahmed exploited a smart contract weakness to manipulate pricing data, generating nearly $9 million in inflated fees. As in the above case, Ahmed contacted the victim, offering to return all funds except for $1.5 million in exchange for not involving law enforcement. However, the negotiation failed.

As part of his guilty plea, Ahmed agreed to forfeit over $12.3 million. He will also pay restitution to his victims, totaling a little over $5 million. Ahmed faces a maximum sentence of five years in prison.

A suspected LockBit hacker arrested and charged in Canada

The Ontario Provincial Police (OPP) apprehended a 34-year-old Mikhail Vasiliev, a Canadian-Russian dual national suspected of his involvement in the notorious LockBit ransomware gang responsible for nearly 1,700 attacks worldwide, amassing over $90 million in ransom payments.

Canadian authorities, in cooperation with the US FBI, launched an investigation into Vasiliev in 2020 following reports that an Ontario man was providing ransomware services. In October 2022, the police conducted searches at Vasiliev's residence, seizing electronic devices. On December 14, 2023, he was arrested and charged with extortion, unauthorized use of the computer, and failure to comply with a release order.

In November 2022, Vasiliev was charged in the US for his alleged participation in the LockBit ransomware operation. He was charged with conspiracy to intentionally damage protected computers and to transmit ransom demands. These charges carry a maximum penalty of five years of imprisonment. Separately, the US charged another alleged LockBit affiliate, Ruslan Astamirov, who is said to be responsible for at least five attacks on victims in the US and abroad.

German police took down the ‘Kingdom Market’ dark web marketplace

The Federal Criminal Police Office in Germany (the Bundeskriminalamt, BKA) and the internet-crime combating unit of Frankfurt (ZIT) have shut down a black market called ‘Kingdom Market.’

The English-language marketplace specialized in selling a wide range of illegal items, mostly drugs, but also offered cybercrime tools, malware, forged identity documents, and criminal services.

The platform’s infrastructure was seized in several countries with the help of law enforcement agencies from the US, Switzerland, Ukraine and Moldova. One of the market’s administrators was reportedly arrested in the US.

Active since at least March 2021, Kingdom Market had tens of thousands of customers and hundreds of seller accounts, according to the BKA. The customers paid for the goods in digital coins such as Bitcoin, Litecoin, Monero and Zcash, with the operators receiving a 3% commission.

United States of America South Korea Germany Canada

What’s next:

Join our upcoming webinars
Follow ImmuniWeb on Twitter, LinkedIn and Telegram
Explore 20 use cases how ImmuniWeb can help
Browse open positions to join our great Team
See the benefits of our partner program
Request a demo, quote or special price
Subscribe to our newsletter

Cyber Law and Cybercrime Investigation Weekly Blog by Key Dutch

Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.

Recent Blog Posts:

Leader Of Hacking Group Responsible For 300 Attacks Worldwide Arrested In Spain

Founder Of Crypto Exchange Bitzlato That Laundered Over $700M In Illegal Proceeds Pleads Guilty

A Cybercriminal Sentenced to 8 Years in Prison for Operating SSNDOB Dark Web Marketplace