Two former business executives have pleaded guilty for their roles in supporting international tech-support fraud operations that targeted victims across the globe. Adam Young and Harrison Gevirtz operated a telecommunications services company that knowingly provided services, including telephone numbers, call routing, tracking, and forwarding, to customers involved in tech-support scams.

The case is connected to a 2020 investigation into telemarketing fraud schemes that resulted in the convictions of several India-based fraudsters and a former employee of the company. Victims were instructed to call phone numbers that connected them to fraudulent call centers, where they were pressured into paying hundreds of dollars for unnecessary or fake technical-support services. In some cases, scammers remotely accessed victims’ computers and stole personal or financial information.

According to prosecutors, since at least 2017, Young and Gevirtz have been aware that some customers were involved in illegal activities but have not reported it to law enforcement. Instead, they allegedly advised customers on how to avoid complaints and prevent account terminations and helped fraudsters buy and sell scam-generated calls.

Court filings further allege the executives directed employees to market company services to known tech-support scammers and facilitated introductions between fraud operators and other service providers who could assist illegal operations. Both men pleaded guilty to misprision of a felony, a federal offense involving the concealment of known criminal activity. Sentencing is scheduled for June 16, 2026.

An international op dismantles the First VPN network used by cybercriminals

French and Dutch authorities, with support from Eurojust and Europol, have dismantled a major criminal virtual private network service known as ‘First VPN.’ The operation, carried out on 19 and 20 May, targeted infrastructure allegedly used by hackers, ransomware actors, and other cybercriminals to hide their identities.

As part of the operation, 33 servers linked to the service have been shut down and several domain names (1vpns[.]com, 1vpns[.]net, and 1vpns[.]org) connected to the network have been seized along with associated onion domains. Authorities have also conducted a house search and interviewed a suspect in Ukraine.

According to Europol, First VPN appeared in nearly every major cybercrime investigation supported by the agency. The service allegedly marketed itself directly to criminals by promising complete anonymity, refusing cooperation with judicial authorities, and claiming not to store user data. Eurojust opened the investigation in May 2022 after the VPN service was advertised on criminal forums. A joint investigation team between French and Dutch authorities was established in November 2023.

Authorities said users of the criminal VPN service have been notified of the shutdown and informed that they have been identified.

Operation Ramz leads to 201 arrests in major MENA cybercrime crackdown

A large-scale cybercrime operation conducted across the Middle East and North Africa (MENA) has led to 201 arrests and the identification of 382 additional suspects connected to phishing, malware distribution, and online fraud activities.

Codenamed “Operation Ramz,” the action, carried out between October 2025 and February 2026, involved law enforcement agencies from 13 countries and was aimed at disrupting cybercriminal infrastructure and phishing networks.

During the coordinated crackdown, authorities identified 3,867 victims and seized 53 servers. In Algeria, police dismantled a phishing-as-a-service (PhaaS) operation after tracing and confiscating a server hosting phishing tools and scripts. Police also seized computers, mobile phones, and hard drives linked to the scheme, as well as arrested one suspect.

In Morocco, authorities confiscated electronic devices containing stolen banking data and phishing software used in cyber fraud campaigns. In Qatar, law enforcement officers discovered compromised devices being used to distribute malware. The affected systems were secured, and the owners were notified.

Jordanian authorities uncovered a sophisticated financial fraud operation involving a fake online trading platform. During raids, police found that 15 people involved in the scams were actually victims of human trafficking. The individuals, recruited from Asian countries under false job offers, reportedly had their passports confiscated and were forced to participate in fraudulent activities. Two alleged ringleaders were arrested.

In Oman, authorities shut down a compromised server located in a private residence after discovering it contained sensitive data and had been infected with malware due to critical security vulnerabilities.

Over 30 people linked to a large-scale SMS phishing and spam operation arrested in South Korea

South Korean police have arrested 36 people in connection with a massive SMS phishing and spam operation that allegedly sent more than 580 million fraudulent text messages over a 15-month period.

The suspects include the CEO and employees of several bulk messaging firms, as well as a worker at a mobile virtual network operator (MVNO) accused of helping to cover up the illegal activity. Authorities said the group manipulated caller IDs so messages and calls appeared to come from legitimate financial institutions and telecommunications providers. Police uncovered 18 companies allegedly involved in distributing phishing messages impersonating credit card companies, banks, and telecom operators. Law enforcement officers arrested 39 individuals in total, with five placed in detention.

The operation sent around 180,000 fraudulent voice advertisements between January 2024 and March 2025 via a telco company that leased network infrastructure from major carriers. Posing as financial officials or police, scammers pressured victims into transferring money by claiming they were connected to criminal investigations.

Police identified 41 victims in the voice-phishing scheme, with reported losses totaling 9.4 billion won (about $6.8 million). A separate SMS phishing campaign linked to the same network allegedly targeted additional victims, causing losses of 8.6 billion won.

Authorities said an employee identified only as “A” provided network access credentials and account information to the phishing organization, allowing remote access to systems used for caller ID spoofing. Although the employee claimed during a regulatory inspection that the systems had been hacked, police said they found no evidence of unauthorized intrusion and discovered the suspect had a prior conviction related to providing telecommunications infrastructure to phishing groups.

The investigation involved 62 search and seizure operations targeting telecommunications and messaging companies. Police also secured court approval to confiscate and forfeit approximately 8.92 billion won in suspected criminal proceeds.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

A hacker involved in a scheme targeting US retail customers arrested in Ukraine

Ukrainian authorities have detained an 18-year-old suspect allegedly linked to an international cybercrime operation that compromised nearly 30,000 customer accounts linked to a US-based online retailer.

The investigation was launched after US authorities alerted Ukrainian law enforcement to possible involvement by hackers operating from Ukraine in attacks targeting users of American e-commerce platforms. According to officials, the group gained unauthorized access to tens of thousands of customer accounts belonging to an unnamed California-based retailer between 2024 and 2025.

Authorities allege that at least 5,800 of the compromised accounts were later used to make unauthorized purchases totaling approximately $721,000, resulting in more than $250,000 in losses, including chargeback-related costs. The cybercriminals used info-stealing malware to infect devices and collect login credentials and session data. The stolen information was allegedly processed and sold through online platforms and Telegram channels.

A Ukrainian suspect, identified as an 18-year-old resident of Odesa, is accused of managing online infrastructure used to process, sell, and exploit the stolen data. He also allegedly used cryptocurrency services to conduct transactions with accomplices.

Authorities carried out searches at two properties linked to the suspect, seizing mobile phones, computers, bank cards, and electronic storage devices. During the searches, police officers found alleged credentials for platforms used to sell stolen data, email accounts linked to compromised users, server activity logs, and cryptocurrency exchange account information.