CEO Of A US-Based Company Accused Of Installing Malware

April 24, 2025

Read also: The US indicts the alleged SmokeLoader botnet operator, a serial cyberstalker pleads guilty, and more.

The US indicts the alleged SmokeLoader botnet operator in a case involving over 65,000 victims

US authorities have indicted a man for the theft of personal data from more than 65,000 individuals. Nicholas Moses, who operated online under the alias “Scrublord,” is accused of using the notorious SmokeLoader botnet to deploy malware on thousands of computers worldwide.

Court documents allege that Moses rented access to the SmokeLoader botnet from January 2022 through May 2023, during which time he installed infostealers on victim machines to harvest personal data and passwords. The malware campaign came to light after US authorities dismantled the SmokeLoader network in May last year.

In November 2022, Moses allegedly shared stolen login credentials for video streaming services in a chat session, admitting he had collected “over half a million stealer logs.” He is accused of selling victim credentials for $1 to $5 each.

A screenshot recovered by investigators reportedly shows Moses accessing a database containing more than 619,000 files of stolen victim data through the SmokeLoader interface.

CEO of US-based company accused of installing malware on hospital computers

Jeffrey Bowie, CEO of a cybersecurity firm based in Edmond, Oklahoma, US, has been accused of installing malware on a computer at SSM Health’s St. Anthony Hospital in Oklahoma City. On August 6, 2024, hospital staff noticed Bowie using a computer reserved for employees. He initially claimed he was there because a family member was undergoing surgery. However, security footage showed him trying to access multiple offices and using two hospital computers.

A forensic investigation revealed that malware had been installed, designed to capture and transmit screenshots every 20 seconds to an external IP address. Authorities identified Bowie and arrested him. He now faces two charges under the Oklahoma Computer Crimes Act.

In the meantime, a man has been charged in Australia with hacking JusticeLink, Australia’s largest online court-filing system. It handles over 400,000 cases annually, storing sensitive documents from lawyers, police, and businesses.

Between late January and late March, more than 9,000 files were downloaded using an automated process before the account was shut down. The suspect was arrested in Sydney, with police seizing two laptops. He faces charges of unauthorized access to restricted data and using a communication service to cause harm. Officials confirmed no personal data has surfaced online or on the Dark Web, and there is no increased risk to individuals protected by court orders.

A serial stalker pleads guilty to a 16-year cyberstalking campaign

A US man pleaded guilty to a 16-year cyberstalking campaign targeting more than six women, two of whom were minors when the abuse began. James Florence Jr., 37, admitted guilt to seven counts of cyberstalking and one count of possession of child pornography. His sentencing is scheduled for July 23, 2025.

Florence has been held in custody since his arrest in September 2024. According to court documents, Florence engaged in online harassment campaigns dating back to 2008, creating over 60 fake accounts across nearly 30 platforms to distribute AI-generated and photoshopped sexually explicit images. These were often paired with victims’ names, addresses, and other personal details.

Florence’s tactics included hacking into personal accounts, posing as victims through “imposter” social media profiles, and publicly posting altered images that falsely depicted the women nude or engaged in sexual acts. He also shared victims' private data online and encouraged strangers to harass them, with some victims receiving extortion messages demanding real explicit content under threats of exposure.

In one case, Florence used a victim’s image and details to power explicit chatbot conversations on multiple platforms. In another, he falsely portrayed a victim’s sexual preferences and posted her home address alongside invitations for strangers to visit her.

Ukrainian cyber police dismantle crypto fraud ring targeting Latvian citizens

Ukrainian cyber police, in collaboration with international law enforcement agencies, have neutralized a crime group responsible for defrauding Latvian citizens of more than 6 million UAH (approximately $144,000) through sophisticated fake cryptocurrency investment schemes.

Since 2022, the criminal group had been operating fraudulent online platforms that mimicked legitimate cryptocurrency trading websites. The sites were used to lure unsuspecting investors with promises of high returns, drawing victims into what they believed were genuine investment opportunities.

The scammers set up a network of call centers across Ukraine, where operators used aggressive sales tactics and social engineering techniques to manipulate targets. The fake platforms were promoted on social media. In many instances, victims were persuaded to install remote access software, unknowingly granting full control of their devices to the criminals. This allowed the perpetrators to manipulate online transactions and drain victims’ accounts.

Ukrainian authorities conducted over 30 raids across multiple regions. Authorities seized a wide range of evidence, including computers, servers, cryptocurrency wallets, mobile phones, financial documents, bank cards, flash drives, and luxury vehicles allegedly purchased with stolen funds. Four individuals, including the suspected ringleader, have been charged. If convicted, they face up to 12 years in prison.

Operator of the Nemesis Market underground marketplace charged in the US

Behrouz Parsarad, a 36-year-old Iranian national from Tehran, has been charged by a US federal grand jury for founding and operating a major Dark Web marketplace called Nemesis Market. Active from March 2021 until its seizure in March 2024, Nemesis Market facilitated the sale of illegal drugs and cybercriminal services, including stolen financial data, fake IDs, counterfeit currency, and malware.

At its peak, the platform had over 150,000 users and 1,100 vendor accounts worldwide, processing over 400,000 orders, over 70,000 of which involved controlled substances like meth, cocaine, heroin, fentanyl, and other opioids. Government test purchases confirmed many substances contained highly dangerous Schedule I and II drugs.

Parsarad faces charges of conspiracy to distribute and actual distribution of controlled substances, as well as conspiracy to launder money by hiding cryptocurrency transactions tied to illegal sales.

The US coordinated with German and Lithuanian authorities to shut down the site, which reportedly facilitated nearly $30 million in drug sales. If convicted, Parsarad could face a minimum of 10 years and up to life in federal prison.
