Peter Williams, an Australian-born former executive of US-based cyber tools maker Trenchant has been sentenced to more than seven years in prison for stealing and selling the company’s hacking software to a Russian zero-day broker. In addition to the prison term, Williams was ordered to serve three years of supervised release with special conditions. The court also imposed a $1.3 million forfeiture judgment covering cryptocurrency and property. A restitution hearing has been scheduled for May 12, 2026.

Williams admitted last October that he stole at least eight sensitive software tools from his former employer over a three-year period beginning in 2022. Prosecutors said he received millions of dollars in cryptocurrency in exchange for the stolen hacking tools. Although court records did not detail the specific software involved or identify the buyer, US officials said the tools were sold to a Russian zero-day brokerage firm known as Operation Zero.

Federal prosecutors had sought a nine-year prison sentence, along with a $250,000 fine and mandatory restitution of $35 million. According to court filings, Williams admitted to the sales and told investigators that at least two of the tools alone caused approximately $35 million in losses to the company. Williams will serve his sentence in the United States and is expected to be deported to Australia upon completion of his prison term.

In parallel with the sentencing, the US Department of the Treasury announced sanctions against the owner of Operation Zero, the St. Petersburg-based firm itself, and several associates, including two members of the Trickbot cybercrime gang, who allegedly helped Operation Zero, as well as their own exploit brokerage firm.

Ukrainian man gets 5 years in prison for helping North Koreans obtain US employment

A Ukrainian man has been jailed for 5 years for providing stolen identities to North Korean IT workers who used them to infiltrate dozens of US companies.

Oleksandr Didenko, 39, of Kyiv, pleaded guilty in November 2025 to aggravated identity theft and conspiracy to commit wire fraud. He was arrested in Poland in May 2024 and later extradited to the United States. A federal judge sentenced him to 60 months in prison, followed by 12 months of supervised release. He also agreed to forfeit over $1.4 million in cash and cryptocurrency seized from him and his associates.

Court documents say that Didenko stole the identities of US citizens and sold them to overseas IT workers through the UpWorkSell online platform, which has since been seized by the United States Department of Justice. The North Korean workers allegedly used the stolen identities to fraudulently secure remote IT jobs with at least 40 US companies.

Prosecutors said Didenko supplied at least 871 proxy identities and related accounts across three freelance IT hiring platforms. He also helped establish and operate at least eight so-called “laptop farms” in the US, Ecuador, Poland, and Ukraine, which allowed North Korean workers to disguise their true locations.

One such operation was run by Christina Marie Chapman, 50, of Arizona, who managed the scheme from her home between October 2020 and October 2023. She was charged in May 2024, pleaded guilty in July 2025, and was later sentenced to 102 months in prison.

Romanian IAB pleads guilty to selling access to US government network

A Romanian national has pleaded guilty in a US federal court to selling unauthorized access to a state government computer network. Catalin Dragomir, 45, of Constanța, Romania, admitted to obtaining access in June 2021 to the computer network of Oregon’s emergency management department. Prosecutors said Dragomir advertised administrator-level access to the compromised system, negotiated a $3,000 payment in Bitcoin, and logged into the network multiple times to demonstrate that his access was legitimate.

According to court documents, Dragomir acted as initial access broker (IAB) to provide a prospective buyer with samples of personal identifying information taken from the network. The data included an employee’s login credentials, name, email address, and Social Security number.

Authorities allege that Dragomir also hacked into and sold access to the networks of 10 additional victims across the United States, resulting in at least $250,000 in losses.

Dragomir was arrested in Romania in November 2024 and extradited to the United States in January 2025. In May 2024, he was charged with five counts of obtaining information from a protected computer, aggravated identity theft, and money laundering.

He pleaded guilty to information theft and aggravated identity theft and agreed to pay full restitution to his victims. Dragomir faces up to seven years in prison, including a mandatory consecutive two-year sentence for identity theft, as well as a potential fine of up to $250,000 and one year of supervised release. Sentencing is scheduled for May 26.

Spain arrests four alleged members of Anonymous Fénix over cyber-attacks

Spanish authorities have arrested four alleged members of a hacktivist group accused of carrying out cyber-attacks against government ministries, political parties, and various public institutions in Spain and several South American countries. The group, calling itself “Anonymous Fénix,” allegedly conducted distributed denial-of-service (DDoS) attacks against multiple targets.

Officials said the first attacks began in April 2023 and intensified following flash floods that struck Valencia in late October 2024. In the aftermath of the storm, the group reportedly targeted several government websites, claiming Spanish authorities were responsible for the deaths and destruction caused by the disaster.

Anonymous Fénix also used the X social media platform and the Telegram messaging app to spread anti-government messaging and recruit volunteers for its campaigns.

In May 2025, the Guardia Civil arrested the group’s alleged administrator and moderator in Alcalá de Henares, near Madrid, and in Oviedo, in northern Spain. After analyzing evidence seized during those operations, police identified two additional members described as the group’s most active operatives. They were arrested earlier this month in Ibiza and Móstoles. Following the arrests, Spanish authorities seized the group’s accounts on X and YouTube and closed its Telegram channel.

In a separate action, Polish police have dismantled a cybercrime ring involved in phishing and online fraud. Police officers identified 11 suspects operating in Poland and Germany between 2022 and 2024. The group allegedly used fake news websites and fraudulent Facebook login pages to steal over 100,000 credentials, then extorted victims for BLIK payment codes. The suspects face more than 400 charges, including fraud, illegal account access, and money laundering.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

Two teens charged over cyber-attack on Seoul bike service affecting 4.6M users

Two South Korean teenagers have been charged in connection with a cyber-attack that compromised the personal data of 4.62 million users of Seoul’s public bike-sharing service. The suspects carried out the attack while they were still in middle school, according to local news media. The pair reportedly met on Telegram, where they bonded over a shared interest in information security.

Investigators said that between June 28 and 29, 2024, the teenagers accessed servers operated by the Seoul Facilities Corporation, which manages the Ttareungyi bike service, and stole a database containing sensitive user information. The compromised data included user IDs, mobile phone numbers, home addresses, dates of birth, gender, and weight.

The breach followed an earlier incident in April 2024, when one of the suspects allegedly sent around 470,000 mass signals in an attempt to overwhelm the servers of a private mobility rental company. During that attack, he reportedly identified security vulnerabilities in the Ttareungyi system and shared the findings with the second suspect. The two then agreed to download the user data.

Police launched an investigation after receiving a complaint from the mobility company. Police tried twice to get arrest warrants, but prosecutors refused because the suspects were juveniles. Investigators said there is no evidence that the stolen data was shared with third parties.

In the meantime, Brazilian police arrested a 26-year-old man accused of operating covert equipment used to hack cell phones and send SMS messages containing malicious links. The suspect, Moacir do Carmo Magalhães, informally confessed to managing the illegal setup. The investigation, dubbed “Erbs Fake,” revealed that his apartment housed devices capable of intercepting cell phone signals, distributing fraudulent text messages, and hacking into computer systems.