Liridon Masurica, a 33-year-old from Gjilan, Kosovo, has pleaded guilty to helping commit access device fraud. Known online as ‘@blackdb,’ he was the main figure behind the illegal website BlackDB.cc. The man faces up to 10 years in a US prison, though no sentencing date has been set yet.

According to court documents, Masurica ran BlackDB.cc from 2018 until it was shut down in 2025. The site was used by cybercriminals around the world to buy and sell stolen information, such as login details, credit card numbers, and other personal data.

The stolen data was used to commit crimes like tax fraud, credit card fraud, and identity theft. BlackDB.cc acted as a major online marketplace for cybercrime tools and data.

Masurica was arrested in Kosovo on December 12, 2024, after a joint investigation by US and Kosovar authorities. He was later extradited to the US under an agreement between the two countries.

Admin of LockerGoga, MegaCortex, and Nefilim ransomware ops charged in the US

The US Department of Justice has charged Volodymyr Viktorovich Tymoshchuk, a Ukrainian national, for leading ransomware operations involving LockerGoga, MegaCortex, and Nefilim, which targeted hundreds of companies worldwide from 2018 to 2021.

Known online as ‘deadforz’, ‘Boba’, ‘msfv’, and ‘farnetwork’, Tymoshchuk allegedly helped encrypt victim networks across the US and Europe, demanding ransom payments in exchange for decryption tools. Authorities say he and his group compromised hundreds of networks globally.

Tymoshchuk is also accused of managing Nefilim ransomware, providing access to affiliates in return for a 20% cut of ransom proceeds. He faces seven charges, including conspiracy, intentional computer damage, unauthorized access, and threats to leak confidential data. Another co-defendant, Artem Stryzhak, extradited from Spain in May 2025, is also facing charges.

Currently, Tymoshchuk remains at large. He was added to the EU Most Wanted list, with the US authorities offering a reward for up to $10 million for information on the man’s whereabouts.

In August of this year, Swiss prosecutors charged a 51-year-old individual living in Switzerland with a series of ransomware attacks that targeted businesses across seven countries, including Scotland, the United States, and Canada. The man was part of a criminal network responsible for ransomware attacks involving such malware strains as “LockerGoga,” “Megacortex,” and “Nefilim” between December 2018 and May 2020.

In November 2022, Ukraine's Cyber Police arrested five suspects linked to LockerGoga, MegaCortex, Hive, and Dharma ransomware attacks.

US Treasury sanctions crypto scam networks in Myanmar and Cambodia

The US Treasury Department has imposed sanctions on individuals and businesses behind large-scale cyber scam operations in Myanmar and Cambodia that have defrauded victims of over $10 billion.

The sanctions focus on Burmese, Cambodian, and Chinese nationals operating scam compounds (often disguised as casinos) that rely on forced labor and target victims globally through cryptocurrency fraud schemes.

Nine individuals and companies connected to Shwe Kokko, a notorious scam hub in Myanmar’s Karen State, were sanctioned, along with four individuals and six entities operating similar compounds in Cambodia. Many of the sites, officials said, are run by Chinese criminal gangs with ties to the Karen National Army (KNA) and the Burmese military.

In an unrelated case, Shengsheng He, 39, of La Puente, California, was sentenced by a US court to 51 months in federal prison for laundering more than $36.9 million in victim funds from a global digital asset investment scam. He was also ordered to pay nearly $27 million in restitution. He funneled stolen money through shell companies and foreign accounts, eventually converting the funds to cryptocurrency and sending them to scam ringleaders in Cambodia.

Massive illegal sports streaming platform Calcio shut down in global anti-piracy crackdown

Calcio, one of the world’s largest illegal sports streaming platforms, has been shut down following a coordinated effort between the Alliance for Creativity and Entertainment (ACE) and sports streaming giant DAZN. Over the past year, Calcio attracted more than 123 million visits across 134 domains, with over 6 million monthly visits from Italy alone, making it the most popular illegal sports streaming service in the country.

According to ACE, over 80% of the platform’s traffic originated from Italy, with additional users based in Spain, the United States, Germany, and France.

Calcio's Moldova-based operator agreed to voluntarily cease all illegal activity after being contacted by ACE and DAZN. All associated domains have now been transferred to ACE and are being redirected to the organization’s "Watch Legally" website, which promotes legitimate streaming options.

The takedown is part of a broader crackdown, which saw the shut down of Streameast, another large illegal live sports streaming network, and Rare Breed TV, an IPTV provider that illegally distributed over 28,000 live channels and 100,000+ on-demand titles.

In July 2025, the US authorities sentenced five people to terms of up to 84 months in prison for running the notorious pirate operation Jetflicks.

The site’s operators, Kristopher Dallmann, Douglas Courson, Felipe Garcia, Jared Jaurequi, and Peter Huber, established an online, subscription-based streaming service in 2007 that utilized software to scour pirate websites for illegal copies of television episodes that were then downloaded and hosted on Jetflicks servers. The Jetflicks catalog included hundreds of thousands of copyrighted television episodes.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

A large-scale SIM fraud operation dismantled in South Korea

South Korean police have uncovered a massive telecom fraud scheme involving over 11,000 illegally registered SIM cards, resulting in an estimated 96 billion won ($69 million) in damages. A total of 71 individuals have been identified in connection with the operation, with nine, including the owner of several phone shops in central Seoul, arrested.

Authorities say the group exploited identity verification loopholes in the registration process for foreign nationals purchasing SIM cards through Mobile Virtual Network Operators (MVNOs). The suspects activated SIM cards using scanned copies of foreign passports. At least 1,400 of the SIM cards were directly linked to phishing and other large-scale fraud cases.

The ‘ghost SIMs’ were sold for 200,000 to 800,000 won (~$140 - $570) each to criminal organizations across the country. The anonymous phone lines were allegedly used for voice phishing, drug trafficking, and illegal lending. Police estimate the group earned about 1.6 billion won (~$1,148,000) in illicit profits.

During the investigation, police seized over 3,400 fake application forms and 400 SIM cards, and froze 730 million won (~$524,000) in suspected criminal proceeds. Authorities have also requested the cancellation of 7,395 compromised lines.