
A Former School District IT Employee Sentenced For Hacking Employer

June 18, 2026

Read also: $380M AudiA6 crypto laundering service dismantled in police crackdown, a Conti ransomware affiliate pleads guilty, and more.



A former school district IT employee sentenced for hacking employer

A former information technology employee of an Iowa school district (in the US) has been sentenced to 21 months in federal prison for carrying out a prolonged cyber-attack against his former employer, causing significant disruptions to school operations and tens of thousands of dollars in damages.

According to court documents, 34-year-old Ezekiel Dean Potter worked as a senior IT support specialist for the Saydel Community School District in Des Moines from May 2022 until April 2023. Prosecutors said that after leaving the district, Potter retained access credentials and used them to repeatedly target the district’s computer systems over a 21-month period.

Before his termination, Potter downloaded more than 300 usernames and passwords belonging to district accounts and programs. Authorities said he later used the credentials to access or attempt to access district systems, revoke employee access, delete accounts, and disrupt operations.

The attacks began in June 2023 when Potter disabled one of the district’s social media pages. The incidents caused districtwide technology outages and required extensive recovery efforts. In January 2025, a series of attacks on district applications forced the suspension of classes for several hours.

Police determined that Potter conducted many of the attacks from the offices of later employers. Authorities also found that he left behind a USB drive containing hundreds of district usernames and passwords and later attempted to have a former coworker wipe the device.

In addition to his prison sentence, Potter was ordered to serve three years of supervised release and pay nearly $60,000 in restitution to the Saydel Community School District and its insurer.

Police crackdown shuts down $380M AudiA6 crypto laundering service

International law enforcement agencies have shut down AudiA6, a cryptocurrency laundering service accused of helping cybercriminals launder more than $380 million in illegal funds.

According to Europol, AudiA6 operated from 2022 to 2025 and acted as a crypto mixing service, allowing criminals to hide the origin of stolen money. The platform moved funds through multiple transactions before returning them to users in exchange for a fee.

The investigation involved authorities from 11 countries, with support from Europol and Eurojust. The case moved forward after a Ukrainian suspect was arrested in Poland in September 2025. Evidence found on the suspect's devices helped police identify other members of the network.

Authorities arrested two suspected AudiA6 administrators in Georgia. Police also searched three locations, seized 25 domains, confiscated 80 vehicles and properties, froze or seized cryptocurrency worth hundreds of thousands of euros, and blocked Telegram accounts linked to the operation.

A blockchain investigation found that more than 10,000 Bitcoin, worth nearly $390 million at the time, had passed through AudiA6 wallets since the service began in 2021. Officials say some of the funds were linked to ransomware gangs, Dark Web markets, and other criminal activities.

US prosecutors have charged 37-year-old Ukrainian citizen Ruslan Igorevich Tkachuk and 25-year-old Russian citizen Alexander Vladimirovich Ledenev with money laundering offenses. Authorities believe they operated both AudiA6 and the Dark2Web cybercrime forum, where illegal services were promoted.

If found guilty, both men could face up to 20 years in prison.

A Conti ransomware affiliate pleads guilty in the US

A Ukrainian man extradited from Ireland to the United States has pleaded guilty to charges linked to the Conti ransomware gang.

Oleksii Oleksiyovych Lytvynenko, 44, admitted to taking part in Conti ransomware attacks between 2021 and 2022. Prosecutors said he helped target victims in the US and other countries by stealing data, encrypting computer systems, and demanding Bitcoin ransom payments. Lytvynenko also admitted to working on a malware ‘loader,’ a tool used to download malicious software onto victim systems.

According to court documents, the Conti group attacked more than 1,000 victims worldwide and collected over $150 million in ransom payments. The Conti gang was one of the world's most active cybercrime groups, targeting hospitals, businesses, schools, and government agencies. The group shut down in 2022 after internal chats were leaked and law enforcement increased pressure on its members.

Lytvynenko was arrested in Ireland in July 2023 and later extradited to the United States. He faces up to 20 years in prison.

Authorities say former Conti members later joined or formed other ransomware groups, such as ALPHV/BlackCat, Black Basta, ZEON, Hive, Quantum, BlackByte, Karakurt, and the Silent Ransom Group. In September 2023, US and UK authorities sanctioned and charged several Russian nationals linked to the Conti and TrickBot cybercrime operations for attacks on more than 900 victims worldwide. In 2024, Ukrainian authorities arrested an alleged malware developer for the LockBit and Conti ransomware operations.


The US takes action against an AI-powered phishing service, a cyber-espionage op, and deepfake nudes

In a series of takedowns, US authorities have dismantled services linked to phishing, cyber-espionage, and AI-generated nude image distribution.

More specifically, the FBI and its partners have shut down a large Chinese phishing-as-a-service operation called ‘Outsider Enterprise’ responsible for thousands of fake websites used to steal credit card information and passwords. Active since at least 2023, the group used AI-powered phishing kits to impersonate trusted brands through text messages sent via major carriers, including AT&T, T-Mobile, and Verizon.

Authorities linked the operation to more than 3.8 million stolen credit card records and an estimated $1.9 billion in losses. As part of the police operation, servers were seized, as well as a Shopify storefront, testing accounts, and about $100,000 in cryptocurrency. In addition, Google filed a civil lawsuit to dismantle Outsider Enterprise’s infrastructure.

Authorities have also dismantled 13 websites allegedly linked to a Chinese espionage operation that targeted current and former US government employees with security clearances. The sites posed as legitimate consulting firms and advertised fake analyst and consultant jobs to recruit individuals with access to sensitive information.

According to the US Department of Justice, the operators used fake identities, stolen personal information, AI-generated photos, encrypted messaging apps, and cryptocurrency payments to conceal their activities.

In a separate operation, the DoJ has seized the websites CFAKE[.]com and SOCFAKE[.]com, which allegedly hosted nonconsensual AI-generated nude images and videos of women. The sites reportedly distributed sexually explicit deepfakes featuring politicians, celebrities, athletes, musicians, and members of royalty from several countries. The action appears to be the first publicly announced domain seizure under the TAKE IT DOWN Act, a law aimed at combating the spread of nonconsensual intimate imagery, including AI-generated content.


Chinese police arrest 67 suspects linked to the Silver Fox cybercrime group

Chinese authorities have arrested 67 individuals connected to Silver Fox, the country's largest and most active cybercrime group. According to authorities, Silver Fox began operating in mid-2024 and exclusively targeted Chinese-speaking users both within China and overseas.

The coordinated operation took place across five provinces and targeted key members of the criminal network, including malware developers, phishing site operators, and affiliates. Authorities identified Ji Moufei as the key developer and distributor of the Silver Fox trojan. Ji and four associates were arrested in Zhejiang Province.

In Jilin Province, police detained 28 suspects, including a man surnamed Chen who allegedly developed a variant of the malware. Silver Fox mainly targets employees of businesses and public institutions, particularly finance personnel. Once installed, the malware can remotely control infected systems, steal passwords, intercept SMS verification codes, and collect sensitive personal and corporate data.

Additional arrests were made in Shandong Province, where sixteen accomplices were accused of operating phishing websites that tricked users into downloading malware-infected files. In Guangdong, police arrested fourteen suspects for allegedly using the trojan to compromise systems, steal online assets, and conduct fraud schemes worth more than 7 million yuan (approx. $1 million). Police said the group also distributed phishing emails and stole corporate information.

Authorities also arrested three people in Zhejiang for developing fake app download websites that distributed the Silver Fox trojan.
