Spanish Police Arrest Two In Major Data Leak Targeting Top Government Officials

July 3, 2025

Read also: CryLock ransomware operators sentenced to 7 and 5 years in Belgium, US law enforcement raids 16 states in North Korean IT worker scheme crackdown, and more.

Spanish police arrest two in major data leak targeting top government officials

Spanish police have arrested a 19-year-old computer science student and his accomplice for allegedly leaking the personal information of senior political figures and journalists, in what authorities are calling a serious threat to national security.

The main suspect, identified as Yoel OQ, was detained at his parents’ residence in Gran Canaria, while his alleged accomplice, Cristian Ezequiel SM, was also taken into custody.

Yoel is accused of hacking and leaking sensitive data belonging to top officials, including Prime Minister Pedro Sánchez, Congress President Francina Armengol, and Catalan President Salvador Illa. The compromised information reportedly includes phone numbers, ID numbers, addresses, and email accounts.

Officials said the two suspects sold access to the stolen data and the tools used to extract it, demanding cryptocurrency payments to avoid detection. They are facing charges of terrorism, cyberterrorism, and making terrorist threats, with the goal of coercing state institutions and intimidating political figures and journalists. Authorities said that the suspects were active in far-right online forums, from which the leaks are believed to have originated.

CryLock ransomware operators sentenced to 7 and 5 years in Belgium

The Brussels Criminal Court has sentenced a Russian hacker, identified as VS, to 7 years in prison for developing and spreading the CryLock ransomware. His former partner, ET, received a 5-year sentence, with 1 year suspended. The couple earned millions of euros through the cybercrime operation.

VS was the mastermind behind the criminal organization and the developer of CryLock, while ET was responsible for promoting the ransomware and negotiating with victims. Both defendants were also given an additional 2-year prison sentence, the maximum allowed, for refusing to cooperate with the investigation. Notably, VS never provided the password to access his crypto wallet, meaning over 60 million euros in seized bitcoins remain inaccessible. Throughout the trial, both continued to deny or downplay their roles.

In an unrelated action, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Russia-based bulletproof hosting provider Aeza Group for allegedly supporting cybercriminal operations.

The company is accused of knowingly providing infrastructure to threat groups behind ransomware and information-stealing malware, including BianLian, RedLine, Meduza, and Lumma. It’s worth noting the Lumma Stealer operation was disrupted in May 2025 as part of a global law enforcement effort.

US authorities take action against North Korean remote IT worker schemes

The US Department of Justice has launched a major crackdown on a North Korean scheme that used remote IT work to fund Kim Jong Un's regime. North Korean operatives, using fake or stolen identities, secured remote jobs with over 100 US companies, including Fortune 500 firms, and were paid for work performed while based overseas. Some also stole sensitive data, including military technology and cryptocurrency.

The schemes involved a global network of accomplices in the US, China, the UAE, and Taiwan who helped set up fake companies, websites, and identities. Authorities arrested Zhenxing “Danny” Wang, a US citizen, for his role in the scheme, which generated over $5 million in fraudulent revenue and compromised more than 80 American identities. He and others allegedly received nearly $700,000 for facilitating the fraud.

US law enforcement searched nearly 30 locations across 16 states, seized financial accounts and fake websites, and unsealed indictments against several co-conspirators. Additionally, four North Korean nationals were charged in a related case for stealing over $900,000 in cryptocurrency through fraudulent employment at blockchain companies. They laundered the funds through crypto mixers and fake foreign accounts.

This is not the first time US authorities have charged individuals involved in aiding the North Korean IT worker fraud. In 2023, the police arrested an American woman, Christina Marie Chapman, accused of participating in a scheme that funneled nearly $7 million to North Korea, potentially supporting its weapons program. Chapman allegedly used the stolen identities of 60 Americans to help North Korean IT workers pose as US citizens and secure jobs at over 300 American companies, including Fortune 500 firms and defense contractors.

Chapman allegedly operated a “laptop farm” from her home, using company-issued devices to make it appear the workers were based in the US. She is accused of receiving salaries on their behalf, charging monthly fees for her services, and attempting to help the workers gain jobs at US government agencies. In February 2025, Chapman pleaded guilty to the charges and may now face a sentence of 94 to 111 months in federal prison. A date has not yet been set for the sentencing.

Another US citizen, Minh Phuong Ngoc Vong, who allegedly obtained jobs under his own name and outsourced the work to North Korean workers, pleaded guilty in April 2025. He now faces up to 20 years in prison. In 2024, Ukrainian national Oleksandr Didenko was arrested in Poland and charged in the US for running a website called ‘UpWorkSell’ that allegedly helped North Korean IT workers use fake identities to get jobs at US-based enterprises.

A former IT worker jailed for cyber-attack that cost the employer £200,000

A disgruntled IT worker has been sentenced to over seven months in prison after launching a cyber-attack against his former employer, causing financial and reputational losses totaling £200,000 ($274,000). Mohammed Umar Taj, 31, previously pleaded guilty to committing unauthorized acts with intent to impair computer operations.

The cyber-attack took place in July 2022, just hours after Taj was suspended from his role. He gained unauthorized access to the company’s premises and IT systems, altering login credentials and bypassing multi-factor authentication protocols. His actions led to significant disruption for the company and its customers in the UK, Germany, and Bahrain. Alongside the estimated £200,000 in financial losses, the firm suffered reputational damage.

Speaking of insider threats, a business student interning at Société Générale, the major French multinational banking and financial services company, is suspected of leaking customer information to SIM swappers who targeted the bank’s clients in a large-scale fraud scheme. The criminals used the data to impersonate customers and request replacement SIM cards, gaining control of victims’ phone numbers. This allowed them to intercept one-time passwords sent by the bank and steal over €1 million (approx. $1.15 million).

Authorities also arrested two alleged accomplices who laundered the stolen money, seizing cash and 15 luxury handbags from their Paris homes. One suspect, a 24-year-old Frenchman with prior fraud and assault convictions, is believed to have produced fake IDs for the gang. Police found forgery equipment and numerous SIM cards at his residence.

€460M crypto investment fraud ring taken down in Spain

Spanish authorities, in collaboration with Europol and law enforcement agencies from Estonia, France, and the United States, have dismantled a major international cryptocurrency fraud ring accused of defrauding over 5,000 victims worldwide.

The Guardia Civil arrested five suspects believed to be key figures in the criminal network, including three individuals in the Canary Islands and two in Madrid. Simultaneously, officers conducted five property searches across the locations.

Investigators say the ring orchestrated a sophisticated scam, luring victims into bogus crypto investment schemes and laundering an estimated €460 million in illicit proceeds. The funds were moved through a complex web involving cash withdrawals, bank transfers, and cryptocurrency transactions.

Authorities believe the group operated a corporate and financial structure based in Hong Kong. They allegedly used multiple bank accounts and payment platforms registered under false identities to hide the flow of stolen money.
