Read also: Samourai Wallet founders sentenced for laundering over $237M, five plead guilty in a scheme that helped North Korean IT workers earn $2M, and more.

Views: 3.6k Read Time: 5 min.

A Student Sentenced To Four Years In Prison For Cyber Extortion

A student sentenced to four years in prison for cyber extortion

A 20-year-old former university student was sentenced to four years in prison and three years of supervised release for orchestrating two high-impact cyber extortion schemes that targeted US-based companies and threatened the personal data of millions.

Apart from the prison sentence, Matthew D. Lane was ordered to pay a $25,000 fine, more than $14 million in restitution, and forfeiture penalties. Lane had pleaded guilty in June 2024 to cyber extortion conspiracy, cyber extortion, unauthorized access to protected computers, and aggravated identity theft.

Prosecutors said Lane participated in two separate extortion schemes. Between April and May 2024, he and his accomplices tried to force a telecommunications company to pay a $200,000 ransom by threatening to leak previously stolen customer data.

In a second scheme between August and December 2024, Lane used stolen credentials to breach the network of a software and cloud storage provider serving school systems across the US and Canada. He stole sensitive information, including Social Security numbers, medical details, and passwords, belonging to more than 60 million students and 10 million teachers. The company later received threats that the data would be leaked worldwide unless a $2.85 million Bitcoin ransom was paid.

Samourai Wallet founders sentenced for laundering over $237M

The founders of the Samourai Wallet cryptocurrency mixing service have been sentenced to prison for running a large-scale money-laundering operation that helped criminals hide more than $237 million in illicit funds.

Samourai CEO Keonne Rodriguez received a five-year prison sentence, while Chief Technology Officer William Lonergan Hill was sentenced to four years. Both were also ordered to serve three years of supervised release following their prison terms and to pay $250,000 in fines.

Rodriguez and Hill were arrested in April 2024 and charged with conspiracy to operate an unlicensed money-transmitting business and money laundering. They pleaded guilty in August 2025, admitting to operating Samourai as a money-laundering service and agreeing to forfeit over $237 million.

According to court documents, the pair launched Samourai in 2015 as a mobile app designed to help users conceal cryptocurrency transactions. The laundering scheme involved two company’s core products: the Whirlpool mixing tool and the Ricochet transaction-hopping service.

The tools made Samourai a go-to app for criminals involved in drug trafficking, Dark Web markets, and cybercrime, who collectively processed over $2 billion in illicit funds through the service between 2015 and February 2024. In return, Rodriguez and Hill collected roughly $4.5 million in fees generated by Whirlpool and Ricochet transactions, according to prosecutors.

Five plead guilty in a scheme that helped North Korean IT workers earn $2M

The US Justice Department announced that five people admitted to being involved in a scheme that allowed North Korean IT workers to secretly get remote jobs at American companies. The workers earned more than $2.2 million, which went to North Korea’s sanctioned government. At least 136 US companies were affected.

Prosecutors say identities from more than 18 Americans were stolen or misused. In three cases, US citizens willingly gave their personal information to the North Korean workers. Three men, Audricus Phagnasay (24), Jason Salazar (30), and Alexander Paul Travis (34), have pleaded guilty to conspiracy to commit wire fraud. They let North Korean workers use their identities to get US tech jobs. The trio kept company laptops in their homes, set up remote-access software, and helped the workers pass job checks. Travis, who was serving in the US Army at the time, was paid over $51,000. Phagnasay made about $3,450 and Salazar about $4,500. The North Korean workers using their names made about $1.28 million.

A Ukrainian man, Oleksandr Didenko, also pleaded guilty to wire fraud and identity theft. He stole US identities and sold them to North Korean organizers, helping them get jobs at 40 companies. He was extradited from Poland in December 2024. The DOJ had previously linked him to several “laptop farms.” Another person that operated a laptop farm for North Koreans, Christina Chapman, was sentenced to 8.5 years in prison last year.

Erick Ntekereze Prince, from Florida, also pleaded guilty to wire fraud conspiracy. He used his company to place North Korean workers using stolen or fake identities at multiple US firms. He ran a laptop farm and made about $89,000. He was charged along with Emanuel Ashtor and Pedro Ernesto Alonso de los Reyes. Ashtor is still waiting for trial, and de los Reyes is in custody in the Netherlands, awaiting extradition. Together, they are accused of helping North Korean workers earn nearly $1 million at 64 companies.

The Justice Department also announced that it has seized more than $15 million in cryptocurrency stolen by North Korea’s APT38 (also known as Lazarus or TraderTraitor). The FBI says the money is linked to big crypto hacks in 2023, including the $100 million Atomic Wallet theft, the $60 million Alphapo theft, and the $100 million Harmony Horizon Bridge hack.

Dutch police dismantle CrazyRDP bulletproof hosting linked to cybercrime and CSAM

Dutch authorities have taken down the CrazyRDP criminal hosting service, seizing servers allegedly used to support ransomware operations, botnets, phishing campaigns, and the distribution of child sexual abuse material (CSAM).

Investigators say the service had been linked to at least 80 cybercrime cases since 2022 and remained active until the takedown. Police described it as a “bulletproof hosting” (BPH) provider, an operation that allows customers to host malicious or illegal content while resisting takedown efforts and law enforcement intervention. As part of the operation, officers confiscated nearly 250 physical servers from data centers in The Hague and Zoetermeer. No arrests have been announced so far.

On the same note, the UK, US, and Australia have sanctioned Russian cybercrime infrastructure providers Media Land LLC and ML.Cloud LLC, along with key personnel, for supporting ransomware and other cyber-attacks on businesses and critical infrastructure. Additional sanctions target UK-registered Hypercore, alleged to be a front for Aeza Group, previously sanctioned for providing bulletproof hosting for Russian disinformation campaigns. The entities are believed to have supported major ransomware groups, including Meduza, Lumma Stealer, BianLian, RedLine, LockBit, Play, and BlackSuit.

In an unrelated case, a Dutch man received a 120-hour community service sentence for installing cryptomining equipment on a wind farm’s network to illicitly generate cryptocurrency. In a separate case, Dutch authorities arrested two men from Amsterdam who used phishing emails posing as the International Card Service (ICS) to steal money from victims’ bank accounts.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

Alleged Void Blizzard hacker arrested in Thailand

Thai police have detained a 35-year-old suspect at the request of the United States on charges of cybercrime. According to a media report, the detained individual is Denis Obrezko, suspected of involvement in the Russia-linked hacker group known as “Void Blizzard.”

Void Blizzard has been primarily targeting government institutions, defense, transportation, media, NGOs, and the healthcare sector in the US and Europe, including Ukraine. The hackers remained under the radar until September 2024, when they stole sensitive data on approximately 63,000 Dutch police officers, effectively compromising nearly the entire national police workforce.

Denis Obrezko was arrested on November 6 during a joint operation conducted by the FBI and Thai authorities. Thai officials described him as a “world-class hacker” suspected of cyber-attacks on US and European government systems. During the search in his hotel room, officers found electronic devices, including a notebook computer, mobile phone, and digital wallet, that were seized for forensic examination.

In an unrelated case, Thai authorities arrested an alleged Eastern European hacker and recovered more than $432,000 (14 million baht) in stolen digital assets. The suspect had used malware to steal victims’ authentication keys and seed phrases, then converted the funds into USDT and Bitcoin, holding them in multiple wallets. Investigators identified six Thai victims whose combined losses exceeded $100,000 (3.2 million baht).