LabHost Co-Founder Gets 8.5 Years In Prison
Read also: A phishing gang used malware to alter property records, a scammer faces 20 years in prison for remote access fraud, and more.
Thursday, April 17, 2025
Developer behind the global phishing platform LabHost jailed for 8.5 years
Manchester Crown Court has sentenced 23-year-old Zak Coyne, of Woodbine Road, Huddersfield, to eight and a half years in prison for his role in operating the global cybercrime platform LabHost. The sophisticated phishing-as-a-service (PhaaS) operation was launched in 2021 and quickly became a go-to resource for cybercriminals around the world.
Coyne, who had pleaded guilty to multiple serious offenses, including making or supplying articles for use in fraud, encouraging or assisting offenses, and transferring criminal property, was a key figure behind LabHost’s operations. The service allowed users to create, customize, and deploy fake websites designed to mimic legitimate institutions, including banks, healthcare providers, and postal services, with the primary aim of tricking unsuspecting victims into handing over sensitive personal and financial data.
LabHost operated on a subscription model, granting paying criminals access to a broad selection of ready-made phishing templates or the ability to request fraudulent pages tailored to specific scams. The platform supported over 2,000 users worldwide.
The service was shut down in April 2024 following the coordinated effort involving law enforcement agencies from 19 countries. The operation resulted in the arrest of 37 suspects connected to LabHost, including four key figures in the United Kingdom.
A phishing gang used malware to alter property records for a fee
Ukrainian cyberpolice have dismantled a phishing gang behind a sophisticated scheme aimed at manipulating property records for financial gain. The criminal operation involved four individuals, one of whom was a private enforcement officer, lending the group insider access to sensitive legal and property systems.
The scheme focused on the removal of legal restrictions on the sale or transfer of property, affecting both movable and immovable assets. The service was offered for a fee and actively promoted within specific online communities.
The group specifically targeted state enforcement officers and private notaries—individuals with legal authority to alter property records. The perpetrators used phishing emails that mimicked official communications from Ukrainian courts or governmental agencies and contained embedded malware to gain remote access to a victim’s device. Using stolen credentials, the attackers remotely accessed official systems to remove property restrictions and fraudulently re-register ownership. This enabled illegal transfers of valuable assets without the knowledge or consent of rightful owners.
To evade detection by law enforcement and cybersecurity agencies, the group operated out of remote, forested locations in the Kyiv region. There, they set up mobile operations using laptops outfitted with specialized hacking tools and anonymization software to mask their identities and locations during the cyber intrusions. If convicted, the defendants could face prison sentences of up to six years.
International crackdown dismantles online fraud network operating from Romania
Romanian authorities, in close coordination with French and British partners, have dismantled a criminal group responsible for laundering millions through an elaborate online fraud scheme. The operation resulted in multiple arrests and property seizures across Europe.
The gang allegedly made at least EUR 3 million by sending fraudulent emails that impersonated legitimate businesses, tricking both individuals and companies into transferring money to accounts controlled by the criminals. The group recruited hundreds of money mules, many of whom were sent to the United Kingdom to open bank accounts used to funnel the stolen funds.
Authorities have identified 113 victims across several European countries, with the majority based in the UK. In addition to physical money transfers, some of the laundering was conducted remotely from Romania using UK SIM cards, VPN services, and counterfeit British residence documents.
According to Eurojust, 13 suspects in Romania were targeted with preventative measures, while 31 locations were searched and assets frozen. In the UK, seven suspects were arrested and five properties raided.
A scammer faces 20 years in prison for remote access employment fraud scheme
Minh Phuong Ngoc Vong, a 40-year-old from Maryland, US, pleaded guilty to conspiracy to commit wire fraud in a long-running scheme that allowed foreign nationals, primarily in China, to use his identity to gain employment with US companies and federal agencies. Vong had no qualifications or experience in software development but was hired as a remote developer after false resumes were submitted under his name.
The fraud scheme also involved Vong’s co-conspirator based in Shenyang, China, known as "John Doe" and "William James." One incident occurred in January 2023, when Vong was hired by a Virginia tech firm working on an FAA contract. He gave Doe remote access to his work-issued laptop, allowing unauthorized foreign access to sensitive government systems.
Between 2021 and 2024, at least 13 US companies were defrauded, with over $970,000 earned under false pretenses. Some of the victim companies held government contracts, the US authorities noted. Vong has pleaded guilty and faces up to 20 years in prison. His sentencing date has not yet been set.
Intelligence from encrypted communication platforms led to 232 arrests
A major European law enforcement operation, codenamed ‘Operation BULUT,’ has led to the arrest of 232 individuals and the seizure of over €300 million in assets, targeting large-scale drug trafficking networks.
Conducted on April 15, 2025, and coordinated by Europol, the operation spanned multiple countries, including Belgium, France, Germany, the Netherlands, Spain, and Türkiye.
The operation dismantled several powerful criminal organizations responsible for smuggling vast quantities of drugs into Europe and Türkiye. Authorities seized 21 tons of drugs, including 3.3 million MDMA tablets, along with 681 properties and 127 vehicles. The investigation also uncovered the networks’ involvement in money laundering and violent crimes.
The success of the operation was largely due to intelligence gathered from encrypted communication platforms like Sky ECC and ANOM, which provided critical insights into criminal operations. French and Australian authorities shared decrypted data with Turkish investigators, and Turkish police worked alongside Europol to track criminal ties across borders.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.