Four BreachForums Operators Arrested in France
Read also: REvil affiliates walk free in Russia, a large-scale fraud ring dismantled in Europe, and more.
BreachForums administrators apprehended in France
Four young French men, aged 20 to 23, have been arrested by the Cybercrime Brigade (BL2C) of the Paris police, according to French media. They are suspected of being the latest administrators of BreachForums, a major online marketplace for hacked data.
The suspects reportedly operated under aliases “IntelBroker,” “ShinyHunters,” “Hollow,” “Noct,” and “Depressed.” Only one was previously known to police, listed in the Criminal Records Processing Service for firearm possession.
BreachForums, launched in March 2022, became a key hub for trading stolen personal and corporate data. It faced ongoing law enforcement pressure, starting with the March 2023 arrest of its American founder Conor Brian Fitzpatrick, aka “Pompompurin.”
The forum’s infrastructure was dismantled again in April 2023 and May 2024 by law enforcement authorities; however, a group of French administrators brought it back online. Despite this, BreachForums never fully recovered due to a mix of hacktivist sabotage, internal conflicts, and law enforcement pressure.
In January 2025, an individual known as “IntelBroker,” who had taken control of the forum following the 2024 arrest of the then key administrator “Baphomet,” stepped down, citing personal obligations. However, French media later reported that he had been arrested by the police on February 22, 2025. Kai West, aka “IntelBroker” and “Kyle Northern,” has been charged in the US with conspiracy to commit computer intrusion, conspiracy to commit wire fraud, and accessing a protected computer to defraud and obtain value. If convicted, he may face a lengthy prison sentence. The US authorities are now seeking his extradition from France.
The latest arrests took place in Hauts-de-Seine, Seine-Maritime, and Réunion. The four men, “ShinyHunters,” “Hollow,” “Noct,” and “Depressed,” are accused of being involved in several high-profile data breaches, including Boulanger, SFR, France Travail, and the French Football Federation.
REvil ransomware gang affiliates walk free in Russia after time served in pre-trial detention
Four members of the REvil ransomware group have been sentenced in Russia. The defendants, Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotayev, were arrested and detained in early 2022 following a request by US authorities. Each was sentenced to five years in prison for their involvement in illegal trafficking of payment tools and the development of malware.
However, due to the extended period they had already spent in pre-trial detention, the defendants were released from custody immediately after sentencing. Pending the final legal entry of the court's ruling, their pre-trial restraint has been changed to a travel ban and written agreement not to leave their place of residence.
REvil (aka Sodinokibi) emerged in 2019 and quickly became a major ransomware group, collecting over $100 million in ransoms. One of the most notable incidents took place in July 2021, when the hackers exploited software vendor Kaseya in a supply chain attack, impacting over 1,500 organizations worldwide. The breach drew international attention, including from then US President Joe Biden, who urged Russia to act.
In the aftermath, Ukrainian hacker Yaroslav Vasinskyi, linked to the Kaseya attack, was arrested in 2021 and sentenced to 13 years in 2024. Authorities also seized assets from another REvil affiliate, the Russian hacker Yevgeniy Polyanin, and arrested two affiliates in Romania. Though REvil briefly resumed operations after a takedown, Russia’s FSB claimed in early 2022 to have arrested 14 members and shut down the group. However, cooperation with the US broke down in April 2022 following Russia’s invasion of Ukraine.
In October 2024, the St. Petersburg Garrison Military Court sentenced four REvil hackers, Daniil Puzyrevsky, Ruslan Khansvyarov, Alexey Malozemov, and Artem Zayets, to terms ranging from 4.5 to 6 years in a general regime penal colony.
Initially, the entire REvil case was being tried collectively by the St. Petersburg Garrison Military Court beginning in October 2023. Eight suspected members were on trial. However, just before the trial concluded, the case against Bessonov, Golovachuk, Muromsky, and Korotayev was separated into a standalone proceeding after investigators filed additional charges, including unauthorized access to computer information. This charge is still under investigation and may lead to further legal action.
A large-scale fraud uncovered using trusted online seller accounts
Authorities in Romania and Germany, with support from Eurojust, have dismantled a major criminal network responsible for defrauding online shoppers of over EUR 400,000 through compromised trusted seller accounts.
The criminal group used phishing tactics to steal login credentials from legitimate sellers on a well-known online marketplace. After hijacking over 400 accounts, the perpetrators locked out the original users and advertised fake goods, pretending to be trustworthy sellers. More than 550 customers placed orders totaling over EUR 106 million, with 556 of those transactions resulting in direct financial losses, Eurojust said.
As part of law enforcement efforts in December 2024, seven suspects were arrested, four in Romania and three in Germany. Two suspects in Germany remain in custody. Despite the initial arrests, three group members continued illegal operations. Romanian authorities detained the individuals on June 24, 2025, under a European Arrest Warrant issued by German officials and carried out eight additional house searches, seizing more digital evidence.
Turkish police bust $28M cybercrime ring in nationwide anti-fraud crackdown
Turkish authorities have dismantled a major cybercrime network involved in online fraud and illegal gambling, uncovering over ₺1.13 billion ($28.41 million) in suspicious transactions during a major nationwide operation. The crackdown spanned 15 provinces, leading to the detention of 98 suspects. Of those, 51 have been formally arrested.
Investigators say the suspects were part of a sophisticated criminal ring that operated fake financial service websites, posed as bank or insurance agents, and lured victims with promises of low-interest loans. Others are accused of facilitating unauthorized online betting and funneling large sums through illegal financial channels.
Authorities seized mobile phones, computers, SIM cards, bank cards, and cryptocurrency wallets.
Meanwhile, in Vietnam, the police neutralized a cyber-fraud ring operating out of Myanmar and the Philippines. Nearly 100 people were arrested, with the group accused of defrauding Vietnamese citizens of over 2 trillion VND (~$76.58 million). The organization was run like a legitimate business, led by Vietnamese nationals, with organized branches, a clear hierarchy, specialized roles, and formal training. Authorities estimate the network involved over 300 individuals.
A hacker pleads guilty to breaching nonprofit’s computer system
Nicholas Michael Kloster, a US citizen, has pleaded guilty in a US court to hacking into the computer system of a local nonprofit organization, causing significant damage and financial loss.
The man admitted that on May 20, 2024, he illegally entered a restricted area of the nonprofit’s premises and accessed a computer connected to the organization's internal network. Using a boot disk, Kloster bypassed security measures and changed user passwords to gain unauthorized control of multiple accounts.
Kloster further admitted to installing a virtual private network (VPN) on the compromised system, allowing continued access to the network. Due to the breach, the victim organization suffered significant losses related to the system’s recovery. Kloster now faces up to five years in prison without the possibility of parole, a fine of up to $250,000, up to three years of supervised release, and potential restitution. A sentencing date has not yet been scheduled.
In Australia, the NSW Police Cybercrime Squad has arrested and charged a hacker responsible for a series of cyber attacks on Western Sydney University since 2021. The attacks began with an attempt to gain discounted campus parking and escalated to changing academic records, accessing sensitive data, and threatening to sell student information. The most recent incident involved a third-party data breach.