The operation led to the seizure of two primary marketplace domains and one blog used by cybercriminals worldwide to buy fake IDs, including driver’s licenses and passports.

The platform, known as VerifTools, specialized in producing and selling counterfeit identification documents capable of bypassing identity verification systems, giving buyers unauthorized access to online accounts and services. These included fake IDs for all 50 US states as well as multiple foreign countries, with prices starting as low as $9, payable in cryptocurrency. Authorities estimate the marketplace generated at least $6.4 million in illicit proceeds.

In the Netherlands, police dismantled the platform’s entire infrastructure, hosted in an Amsterdam data center. The operation resulted in the seizure of two physical servers and more than 21 virtual servers. Currently, it’s unclear if any arrests have been made in connection to the operation.

A hacker charged for major cyber-attack on Rosneft Deutschland

A 30-year-old German man has been formally charged with orchestrating a large-scale cyber-attack against Rosneft Deutschland GmbH, the German subsidiary of the Russian oil giant, in March 2022. Prosecutors say the hack resulted in the theft of 20 terabytes of data and caused nearly €9.75 million in damages.

The Berlin public prosecutor’s office filed charges with the Tiergarten District Court, accusing the man of two counts of data espionage, including one charge of particularly serious computer sabotage. The attack targeted a company classified as part of Germany’s critical infrastructure (KRITIS) in the energy sector.

According to investigators, the man breached Rosneft Deutschland’s systems just days after the start of Russia’s invasion of Ukraine. Critical systems were compromised, and data was subsequently published on a website allegedly operated by the accused and two other members of the hacker collective Anonymous. The site has been offline since mid-2023.

The breach forced Rosneft Deutschland to shut down its systems and launch an investigation. The disruption also crippled internal communications and hampered short-term market operations. Logistics were severely affected, causing minor delivery delays but no major interruption to the region’s oil supply. Additional economic losses are estimated at over €2.5 million.

Two Taiwanese suspects linked to a Chinese ransomware group arrested, released on bail

Two Taiwanese men suspected of collaborating with the Chinese ransomware group known as “CrazyHunter,” responsible for recent cyber-attacks on major Taiwanese institutions, have been arrested and released on bail, according to the Ministry of Justice Investigation Bureau.

The suspects are accused of acting as data traffickers for CrazyHunter, which carried out a series of cyber-attacks between February and March. Victims included Mackay Memorial Hospital and Changhua Christian Hospital, among others. At least four organizations have filed formal complaints.

Authorities said the hacker group, allegedly led by a Chinese national, used ransomware to extort targets, selling stolen data to trafficking networks in both China and Taiwan. During the searches, the authorities have seized computers with evidence of the crimes, including tens of thousands of personal records and cryptocurrency transactions linked to CrazyHunter. The suspects have been released on bail with travel restrictions.

In the meantime, another suspected ransomware affiliate, a Russian national named Ianis Antropenko remains free on bail, enjoying liberties rarely granted to such suspects. Antropenko was indicted in Texas on charges of computer fraud and money laundering linked to the Zeppelin ransomware campaign, which operated between 2019 and 2022 (https://www.immuniweb.com/blog/scattered-spider-member-sentenced-to-10-years-for-multi-million-dollar-crypto-theft.html). The campaign primarily targeted healthcare providers and IT firms by exploiting vulnerabilities in managed service provider (MSP) software. He was released on bail the same day as his arrest and is currently living with minimal restrictions in Southern California while awaiting trial on multiple felony charges.

He faces charges of conspiracy to commit computer fraud and abuse, substantive computer fraud and abuse, and conspiracy to commit money laundering. Prosecutors allege that Antropenko deployed the Zeppelin ransomware to attack individuals, businesses, and organizations worldwide. He pleaded not guilty to all charges last October.

According to media reports, Antropenko violated the terms of his pretrial release at least three times over a four-month span this year. The violations included two arrests in California involving dangerous conduct while under the influence of drugs and alcohol. Authorities have not provided a clear explanation for why he was initially granted release pending trial, nor why parole officers and the presiding judge allowed him to remain free despite the repeated infractions.

It’s worth noting, the US authorities have recently reported the seizure of cryptocurrency and digital assets worth millions of dollars from the affiliates of the Zeppelin, BlackSuit and Chaos ransomware gangs. (https://www.immuniweb.com/blog/us-seizes-over-1m-in-crypto-from-blacksuit-ransomware-gang.html)

The world’s largest illegal sports streaming site Streameast dismantled

Egyptian authorities have dismantled Streameast, the world’s most popular illegal sports streaming website, following the arrest of two men in Sheikh Zayed City earlier this week.

Streameast is known for offering free, unauthorized access to major US sporting events, including the NFL, NBA, MLB, Formula One, UFC, and boxing. Investigators report the site attracted 1.6 billion visits over the past year alone.

During the coordinated raid, authorities seized multiple laptops and smartphones believed to have been used to manage the illegal streaming platform. The two suspects are currently being held on charges related to copyright infringement.

Further investigation uncovered a shell company in the United Arab Emirates, allegedly used to launder advertising revenue from the site. According to law enforcement, Streameast generated over $6.2 million in illicit profits since 2010, with some of the money funneled into real estate investments across Egypt.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

A hacker arrested in Spain for altering national exam grades on a government education platform

The Spanish National Police have arrested a hacker in Seville accused of breaching the Andalusian government's Séneca educational platform to alter national exam grades using stolen teacher credentials.

The attack affected at least thirteen professors across multiple Andalusian universities, including those in Jaén, Córdoba, Seville, Huelva, Cádiz, and Almería. An investigation was launched following a report from a high school teacher about suspicious activity on the platform.

According to local media, the suspect, who has a known history of similar cyber offenses, managed to hack into corporate email accounts of professors in leadership roles or connected to the 2025 University Entrance Exams (PAU). Investigators say the intruder used the unauthorized access to modify academic records, including his own and those of individuals close to him, to fraudulently access higher education.

During a search of the suspect’s residence in Seville, authorities seized computer equipment and a notebook containing details of the altered grades. The man now faces charges of illegal access to computer systems, identity theft, and document falsification.