In a first-of-its-kind case, the UK authorities sentenced Olumide Osunkoya, a 46-year-old man, to 4 years in prison for his involvement in illegal cryptocurrency activities worth over £2.5 million. He had previously pleaded guilty to five charges related to his operation of unregistered crypto ATMs in the UK.

Between 30 December 2021 and 12 March 2022, Osunkoya ran a network of crypto ATMs at 28 different locations through his company without FCA registration, which is illegal in the UK.

After his company was no longer involved, Osunkoya continued his illegal activities by personally operating up to 12 crypto ATMs under a false name and company to evade detection. He also failed to conduct the necessary checks to ensure that his ATMs were not being used for money laundering or other criminal activities.

In addition to the charges related to the illegal operation of the crypto ATMs, Osunkoya was also convicted of forgery, using false identity documents, and possessing criminal property.

Leader of Babuk ransomware gang sentenced to 18 months of "limited freedom" in Russia

Mikhail Matveev, aka “Wazawaka,” “RansomBoris,” and “Boriselcin,” was sentenced in Russia to 18 months of "limited freedom" for cybercrimes linked to ransomware activities. Matveev, who was once a key leader in the notorious Babuk ransomware group, has also been associated with several other major ransomware organizations, including LockBit, Conti, HIVE, and BlackMatter. Matveev was involved in a variety of high-profile ransomware attacks, which targeted police departments and critical infrastructure in the United States and several European allies.

The sentence imposes several restrictions, including a curfew, travel restrictions, preventing Matveev from leaving his city or region, requirement for check-ins with a probation officer, social and employment restrictions, including a ban on visiting places like bars, nightclubs, protests, and gambling establishments.

Matveev was convicted for creating a malicious computer program that he planned to use to remotely encrypt the data on computers belonging to unspecified foreign organizations. Matveev admitted to the charges, and the court accepted his guilty plea, deciding the case without a full trial. Mitigating factors considered in his sentencing included his admission of guilt, remorse for his actions, the fact that he has young children to support, and his cooperation in providing crucial information that aided the investigation. In addition to the sentence, Matveev's laptop was confiscated by the state.

Although Matveev's conviction in Russia focused solely on the development of the malware, he faces much more serious charges in the United States. In May 2023, US authorities accused him of involvement in multiple attacks using the Babuk, HIVE, and LockBit ransomware families. Some of the victims named in these attacks include law enforcement agencies and a healthcare organization in New Jersey, as well as the Washington D.C. Police Department.

The US sanctions Iranian man behind the Nemesis Dark Web marketplace

The US Department of the Treasury has sanctioned Behrouz Parsarad, an Iran-based administrator of the Nemesis Dark Web marketplace shut down in 2024. The Nemesis platform was primarily involved in the trade of illicit goods and services, including data trafficking, and cybercrime services such as Distributed Denial of Service (DDoS) attacks, phishing schemes, and ransomware operations. At its peak, Nemesis served over 30,000 users and facilitated nearly $30 million in transactions between 2021 and 2024.

According to the authorities, Parsarad not only ran Nemesis but also continues efforts to relaunch it. Treasury's investigation revealed that Parsarad was in full control of the marketplace and its associated cryptocurrency wallets. Through this, he earned millions of dollars in transaction fees, laundering cryptocurrency for various illicit actors including drug traffickers and cybercriminals.

Despite the efforts of US, German, and Lithuanian authorities to seize Nemesis in March 2024, Parsarad has reportedly been in talks with former vendors to create a new version of the marketplace. As a result of the sanctions, all of Parsarad’s assets within US jurisdiction are now frozen, and he is prohibited from engaging in any financial transactions.

Additionally, the Treasury has identified 49 cryptocurrency addresses tied to him and warned financial institutions that any interaction with these assets could lead to penalties.

APT27 members behind the US Treasury breach charged with cyber-attacks on entities in the US and Asia

US authorities have unsealed two indictments charging Chinese nationals Yin Kecheng aka “YKC” (“YIN”) and Zhou Shuai, also known as “Coldface,” for their involvement in multi-year, for-profit cyber intrusion campaigns dating back to 2013. Said individuals are said to be members of a Chinese state-sponsored hacker collective tracked as ‘APT27’, ‘Emissary Panda’ or ‘Silk Typhoon.’

The Department of Justice also announced the seizure of internet domains and computer servers used by the defendants for their hacking activities. Both individuals remain at large. In parallel, the US offered rewards of up to $2 million each for information leading to their arrests and convictions.

Additionally, an indictment was unsealed charging eight employees of the Chinese company Anxun Information Technology Co. Ltd. (also known as ‘i-Soon’) with involvement in extensive cyber intrusions from 2016 to 2023. The intrusions targeted email accounts, cell phones, servers, and websites, generating millions of dollars in revenue through hacking services.

The US Department of State is offering up to $10 million in rewards for information leading to the suspects’ identification or location. i-Soon is accused of conducting cyber operations at the request of Chinese authorities, including transnational repression, as well as carrying out independent cyber intrusions and selling stolen data to Chinese government agencies for substantial fees.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

25 arrested in an international law enforcement op against AI-generated child sexual exploitation

A joint police operation involving authorities from 19 countries dismantled a major criminal network involved in the distribution of AI-generated child sexual exploitation material, resulting in the arrest of 25 suspects worldwide and the identification of 273 individuals linked to the illegal activities. The large-scale operation, codenamed ‘Operation Cumberland’, was led by Danish law enforcement.

The investigation uncovered an online platform operated by a Danish national, where AI-generated images of minors were sold for symbolic payments. The platform was designed to evade law enforcement by masking illegal activities behind legitimate transactions. The Danish national, arrested in November 2024, is believed to be the ringleader and faces serious charges.

The operation led to 33 house searches, the confiscation of 173 electronic devices, and the identification of 273 additional individuals involved in the criminal network. Among those arrested were two Australian men, confirmed the Australian Federal Police (AFP).

In a separate case, the AFP apprehended a Melbourne man for allegedly attempting to steal mobile numbers through a porting scam. The scam involved transferring mobile numbers from identity theft victims to a device controlled by a scammer, allowing them to bypass security measures and access sensitive information. The police seized several items, including mobile phones, a computer, SIM cards, and suspected drugs. The man faces charges related to unauthorized data modification, with a maximum penalty of 10 years in prison.