Read also: Two major cybercriminal platforms, Tycoon2FA and LeakBase, dismantled by law enforcement, an ex-US Air Force officer arrested for conspiring with a Chinese hacker, and more.

Views: 3.7k Read Time: 5 min.

Finnish Psychotherapy Center Hacker Gets Nearly 7 Years In Prison

Finnish psychotherapy center hacker gets nearly 7 years in prison

The Helsinki Court of Appeal sentenced Aleksanteri “Zeekill” Kivimäki, 28, to six years and eleven months in prison for hacking into the now-defunct psychotherapy chain Vastaamo and attempting to extort tens of thousands of patients.

Kivimäki, one of the most notorious hackers and a former member of the infamous Lizard Squad hacking collective, had sought to overturn his 2024 conviction. Prosecutors said he carried out the attack between November 2018 and March 2019, during which he stole sensitive therapy records and later extorted payments from both the company and its patients using the moniker “ransom_man.”

After Vastaamo refused a €450,000 ransom demand, Kivimäki allegedly emailed more than 20,000 patients, demanding €200 in cryptocurrency, with the threat that the amount would rise to €500 if not paid within 24 hours. Therapy session notes of more than 2,000 patients were eventually published online. At least one suicide has been reportedly linked to the breach. Vastaamo later declared bankruptcy.

According to Finnish media, the court imposed a six-year and eleven-month sentence, with the condition that Kivimäki will fulfill separate agreements to compensate victims. His attorney said that Kivimäki is currently not in Finland and that his whereabouts are unknown.

Kivimäki was arrested in France in February 2023 and later extradited to Finland. In late 2025, Finnish prosecutors charged Daniel Lee Newhard, a 28-year-old American citizen living in Estonia, with aiding and abetting blackmail and extortion in the Vastaamo hacking case.

The Tycoon2FA PhaaS and the LeakBase hacking forum shut down following a police op

An international operation led by Europol has dismantled Tycoon2FA, a large phishing-as-a-service platform used by cybercriminals to bypass multi-factor authentication and steal account credentials. Authorities seized and shut down 330 domains that supported the platform’s infrastructure, including phishing pages and control panels.

Active since August 2023, Tycoon2FA targeted organizations worldwide, affecting nearly 100,000 entities, including government agencies, schools, and healthcare providers. By mid-2025, the platform was reportedly sending tens of millions of phishing emails each month, reaching over 500,000 organizations.

In a parallel action, the US FBI has seized the domains of the LeakBase cybercrime forum as part of an international law-enforcement effort called ‘Operation Leak’ also coordinated by Europol.

The operation involved agencies from 14 countries and included arrests, house searches, interviews, and “knock-and-talk” actions across the United States, Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom. In total, around 100 enforcement actions were carried out worldwide, targeting 37 of the platform’s most active users.

Launched in 2021 with support from the ARES threat group, LeakBase grew to more than 142,000 members after the shutdown of the Breached hacker forum. The site allowed users to access leaked databases, trade hacking tools and stolen data, and share resources on hacking techniques, social engineering, cryptography, and operational security.

The takedown follows the disruption of the RaidForums and BreachForums hacker forums in 2022 and 2023, respectively, as well as the conviction and sentencing of the BreachForums founder in 2025.

A Ukrainian man pleads guilty to running the OnlyFake website

A 27-year-old Ukrainian man has pleaded guilty to operating an AI-driven website that generated and sold more than 10,000 counterfeit identification documents to customers around the world. Yurii Nazarenko, aka “John Wick,” “Tor Ford,” and “Uriel Septimberus,” admitted to running the subscription-based platform OnlyFake. The site used AI technology to create realistic-looking digital images of fake passports, driver’s licenses, and Social Security cards.

OnlyFake enabled users to generate fake digital versions of identification documents from nearly 56 countries. Customers could customize the fake documents with specific personal details or choose randomized information. Nazarenko was extradited from Romania in September 2025 to face charges in the United States. As part of his plea agreement, he has agreed to forfeit $1.2 million in proceeds from the operation. He faces a maximum sentence of 15 years in prison. Sentencing is scheduled for June 26, 2026.

In a separate case, Ukrainian authorities have charged a 21-year-old Denis Nikolaev with a large-scale cyber theft from two large Ukrainian energy companies. According to the Prosecutor General’s Office, the suspect and his accomplices orchestrated a scheme where a small amount of money was allegedly transferred by mistake to the account of one of the victim companies.

When the firm’s accountant tried to remedy the mistake, she was asked to fill out a refund form with a .zip archive containing a remote access trojan disguised as a password. The attacker gained access to the remote banking service «client-bank» of both companies and withdrew from one victim’s account 78.5 million hryvnias (EUR 1.55 million) and about 48.7 million hryvnias (EUR 960,000) from another company’s account. The hacker then laundered the stolen money through multiple bank accounts, dozens of corporate and individual accounts, and cryptocurrency exchanges. He is charged in absentia with theft, interference with electronic networks, and money laundering.

In yet another case, Ukrainian cyberpolice arrested a 30-year-old developer and seller of phishing resources. The man created custom software that enabled unauthorized access to users’ accounts on various websites.

Ex-US Air Force officer arrested in plot with Chinese hacker

A former US Air Force officer has been arrested on charges of conspiring with a convicted Chinese hacker to provide advanced flight training to China’s military pilots. Gerald Eddie Brown, 65, was taken into custody in Jeffersonville, Indiana, after allegedly spending nearly three years living in China and training pilots affiliated with the People’s Liberation Army Air Force (PLAAF).

According to court documents, Brown served 24 years in the US Air Force, retiring in 1996 with the rank of Major. During his military career, he led units responsible for nuclear weapons delivery systems and combat operations. After leaving active duty, Brown worked as a commercial cargo pilot and held positions with two US defense contractors.

Prosecutors allege that in 2023, Brown began negotiating a contract to train Chinese military pilots in combat aircraft operations. The deal was reportedly arranged through people connected to Stephen Su Bin, a Chinese national previously convicted of hacking US defense contractors.

Bin, who operated an aviation and aerospace technology business in Canada, pleaded guilty in 2016 to breaching the networks of American defense firms between 2008 and 2014. In one instance, he breached servers used by Boeing to store data related to the C-17 military transport aircraft and sent confidential information to officials in China. Bin served four years in prison, and his company was later sanctioned.

Federal authorities say Brown worked with Bin to complete his training agreement. In December 2023, Brown traveled to China, where he met with officials from the People’s Republic of China and presented his military résumé. He stayed in the country until returning to the United States in February 2026.

Prosecutors allege Brown violated the International Traffic in Arms Regulations (ITAR) by providing defense services to a foreign military without obtaining the required US State Department license.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

Sextortionist pleads guilty to targeting hundreds of young women online

A 22-year-old US man has pleaded guilty to federal charges after admitting he hacked and extorted hundreds of young women, including minors, in a years-long sextortion scheme.

Jamarcus Mosley pleaded guilty to extortion, cyberstalking, and computer fraud charges stemming from an operation that ran from April 2022 through May 2025. Prosecutors said Mosley targeted victims on social media platforms including Snapchat and Instagram, as well as other online accounts.

According to court documents, Mosley tricked victims into providing recovery codes and passwords by impersonating their friends and via other tactics. He then hijacked control of victims’ accounts and threatened to release their private nude images and videos publicly or permanently lock them out of their accounts unless they complied with his demands. The demands included providing additional account access, sending sexually explicit content, or paying money. Mosley is scheduled to be sentenced on May 27, 2026.

Of note, Europol has shared the first results of an international law enforcement operation involving 28 countries codenamed “Project Compass” targeting “The Com,” a decentralized, nihilistic online network made up of thousands of minors and young adults involved in cybercrime, physical violence, and extortion. Since January 2025, authorities have arrested 30 suspects and identified (fully or partially) 179 perpetrators. Four victims have been safeguarded, with up to 62 victims identified overall.

According to the FBI, The Com operates through three main branches: Hacker Com, In Real Life (IRL) Com, and Extortion Com. Members’ tactics has become more sophisticated, using advanced methods to conceal identities, launder money, and hide financial transactions.