Hacker Sentenced To 20 Years In Prison For A $37M Crypto Theft

February 13, 2025

Read also: US SEC X account hacker pleads guilty, four alleged Phobos ransomware operators arrested in Thailand, and more.

A hacker sentenced to 20 years in prison for a $37M crypto theft

Evan Frederick Light, 22, was sentenced to 20 years in a US prison followed by three years of supervised release after pleading guilty to conspiracy charges related to a massive cybercrime scheme.

Light was charged in May 2023 with conspiracy to commit wire fraud and money laundering. He admitted to his involvement in a cyber-intrusion in February 2022 that targeted an investment holdings company. During the breach, Light stole customers' personally identifiable information (PII) and proceeded to steal cryptocurrency valued at over $37 million from nearly 600 victims.

Court documents revealed that Light gained access to the company's computer servers by exploiting the identity of a legitimate client. Once inside, he exfiltrated sensitive data from hundreds of clients and stole virtual currencies held within the company’s system. Light then funneled the stolen cryptocurrency through various international locations, including mixing services and gambling websites, to conceal his identity and hide the assets.

The sentence also included a $200 special assessment to the Federal Victims Fund and a restitution payment of no less than $37 million, with a hearing to determine the exact amount at a later date.

US SEC X account hacker pleads guilty for his involvement in a SIM swapping attack

Eric Council Jr., 25, a US citizen, pleaded guilty for his role in the takeover of the US Securities and Exchange Commission (SEC)’s social media account on X (formerly Twitter) in January 2024.

Hackers posted a fake message in the name of the SEC Chairman, falsely claiming that the SEC had approved Bitcoin (BTC) Exchange-Traded Funds. This caused Bitcoin’s value to surge by over $1,000 before the SEC regained control of the account and corrected the misinformation, causing BTC’s value to drop by more than $2,000.

Council and his co-conspirators gained access to the SEC’s X account through a SIM swap, where Council fraudulently transferred a victim’s phone number to his own SIM card. Using a fake ID card, Council impersonated the victim to gain access to the victim's cellular number, which was then used to take control of the SEC’s account. Council was paid in bitcoin for his role in the scheme.

Council pleaded guilty to conspiracy to commit aggravated identity theft and access device fraud. He is scheduled for sentencing on May 16 and faces up to five years in prison.

Thai authorities arrest 4 alleged Phobos ransomware operators

Four European hackers have been arrested in a joint operation by Thai, Swiss, and US authorities for allegedly orchestrating ransomware attacks that affected over 1,000 victims worldwide, causing an estimated $16 million in damages. The authorities dismantled the Dark Web data leak and negotiation sites linked to the 8Base ransomware gang.

The hackers face charges of conspiracy to commit offenses against the US and wire fraud, accused of deploying Phobos ransomware between April 30, 2023, and October 26, 2024, targeting 17 Swiss companies. They gained unauthorized access to networks, stole sensitive data, encrypted files, and demanded cryptocurrency ransoms, threatening to release the data if payments were not made. The group used cryptocurrency mixing services to hide their transactions.

The suspects were arrested as part of a law enforcement effort codenamed "Phobos Aetor." In coordinated raids across four locations in Phuket, the authorities seized over 40 items, including mobile phones, laptops, and digital wallets. Additionally, the US Justice Department has charged Roman Berezhnoy and Egor Glebov, both Russian nationals, for operating the Phobos ransomware. The group, including affiliates under names like "8Base" and "Affiliate 2803," allegedly stole and encrypted victim data.

In a separate case, two Chinese nationals were arrested by Thai and Chinese police for a large-scale scam. The suspects resisted arrest and attempted to delete phone data but were apprehended at a luxury residence. Authorities seized $44,550 in assets and froze $2.5 million in Tether's USDT stablecoin linked to the scam. The men face public fraud charges.

The US, UK, Australia take action against Russia-based BPH provider Zservers over LockBit ransomware attacks

The United States, the United Kingdom, and Australia have collectively imposed sanctions on Zservers, a Russia-based bulletproof hosting (BPH) provider, in response to its support of LockBit ransomware attacks. Zservers operates by offering secure servers and other infrastructure that help cybercriminals evade detection by law enforcement.

The US Treasury’s Office of Foreign Assets Control (OFAC) has targeted two key Russian nationals associated with Zservers, identified as principal administrators of the service.

The UK has also imposed sanctions on six employees linked to the company, accusing them of being part of a wider cybercrime syndicate responsible for devastating ransomware attacks worldwide. Furthermore, XHOST Internet Solutions LP, a front company believed to be connected to Zservers, has been added to the sanctions list.

In a separate case, Christina Marie Chapman, a US citizen, has pleaded guilty to conspiracy charges related to a scheme that generated over $17 million for herself and North Korea. From October 2020 to October 2023, she ran a "laptop farm" at her home, where she helped foreign IT workers pose as US-based employees by providing local IP addresses. Chapman also aided in stealing the identities of over 70 US nationals, enabling the fraudsters to secure remote jobs. Payroll checks were sent to her home, then laundered and funneled to North Korea, possibly supporting its weapons programs. Chapman will be sentenced on June 16 and faces a prison term of 94 to 111 months.

Four major distributors of the encrypted communication service Sky ECC apprehended in Spain and the Netherlands

In a coordinated international operation, four key distributors of the encrypted communication service Sky ECC were arrested in Spain and the Netherlands. The two men arrested in Spain were major global distributors of the service, generating over €13.5 million in profits. During the raids, authorities seized cash, cryptocurrencies worth €1.4 million, and luxury items.

Sky ECC, which had been cracked by Europol in 2021, was linked to criminal activities like drug trafficking, arms dealing, and money laundering. The service, sold through subscriptions, provided secure communication for illegal activities.

On January 31, 2025, Dutch authorities arrested two other high-ranking Sky ECC sellers who were responsible for 25% of the platform's subscriptions, generating €6.8 million in profits. Both the Dutch and Spanish suspects face prosecution in the Netherlands.

Additionally, Europol announced the arrest of six individuals involved in a money laundering and investment fraud operation, with seizures of €130,000 in cash and expensive watches in Israel, and €450,000 in fraudulent funds recovered in France.
