Two US cybersecurity professionals have pleaded guilty in US court to conspiring to conduct ransomware attacks against victims across the United States in 2023, according to court records.

Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, admitted their roles in a scheme that deployed the ALPHV/BlackCat ransomware between April and December 2023. At the time of the attacks, Goldberg worked for incident response firm Sygnia, while Martin was employed as a ransomware negotiator at financial technology company DigitalMint.

Goldberg was arrested on September 22, followed by Martin’s arrest on October 14. Prosecutors say the two men, along with another co-conspirator, used the ALPHV/BlackCat ransomware to target multiple victims nationwide. In return for access to the group’s ransomware and extortion infrastructure, they agreed to provide the ransomware operators with 20% of any ransom payments.

In one case, the group successfully extorted approximately $1.2 million in Bitcoin from a victim. The conspirators divided their 80% share of the ransom proceeds and laundered the funds using various techniques.

ALPHV/BlackCat operated as a ransomware-as-a-service platform and is believed to have targeted more than 1,000 victims worldwide. In December 2023, the US Department of Justice disrupted the operation, with the FBI developing a decryption tool for the affected victims.

Goldberg and Martin each pleaded guilty to one count of conspiracy to obstruct, delay, or affect commerce by extortion. They are scheduled for sentencing on March 12, 2026, and each faces a maximum sentence of 20 years in prison.

Bitfinex crypto hacker released from prison without serving full term

Ilya Lichtenstein, the Russian-US national, convicted for his role in the 2016 hack of cryptocurrency exchange Bitfinex, has been released from prison earlier than expected and is now under home confinement, according to a Trump administration official.

Lichtenstein, 38, was sentenced in November 2024 to five years in federal prison for his involvement in a money laundering conspiracy linked to the theft of nearly 120,000 bitcoin from Bitfinex. The Federal Bureau of Prisons had previously listed his projected release date as January 25, 2026. His was released under the First Step Act, a criminal justice reform law passed in 2018 under President Donald Trump. The law allows eligible inmates to earn time credits for good behavior and participation in rehabilitation programs, potentially shortening their sentences.

In February 2022, Lichtenstein and his wife, Heather Morgan, were arrested in connection with the massive hack, which at the time was valued at roughly $4.5 billion. Authorities seized more than $3.6 billion in cryptocurrency linked to the theft, making it one of the largest financial seizures in US history. Since then, the government has recovered an additional estimated $475 million linked to the cyber heist.

According to prosecutors, Lichtenstein used advanced hacking techniques to breach Bitfinex’s systems and authorized more than 2,000 fraudulent transactions, transferring 119,754 bitcoin into wallets he controlled. He also attempted to erase digital evidence by deleting access credentials and log files. Morgan helped him to launder the stolen funds through fake identities, automated transactions, cryptocurrency mixing services, and the purchase of gold coins and other digital assets. The 2016 Bitfinex hack caused a sharp drop in bitcoin’s value at the time and remains one of the most notorious heists in cryptocurrency history.

Morgan was sentenced to 18 months in prison and was released slightly early as well.

A founder of a spyware firm pleads guilty in the US

Bryan Fleming, the founder of US-based spyware company pcTattletale, has pleaded guilty in a San Diego federal court to charges including computer hacking, the sale and advertising of surveillance software for unlawful purposes, and conspiracy. The plea follows a multi-year investigation led by Homeland Security Investigations (HSI), a unit of US Immigration and Customs Enforcement.

HSI began probing pcTattletale in mid-2021 as part of a broader crackdown on consumer-grade surveillance software, commonly known as “stalkerware.” According to court filings, investigators obtained warrants to search Fleming’s email accounts and later his home, uncovering evidence that he knowingly assisted customers seeking to spy on nonconsenting adults. Financial records reviewed by agents showed more than $600,000 in transactions through Fleming’s bank and PayPal accounts by the end of 2021.

This case is the first successful US federal prosecution of a stalkerware operator in more than a decade, following the 2014 guilty plea of the creator of the StealthGenie phone surveillance app.

pcTattletale, which Fleming controlled from at least 2016, allowed users to secretly monitor messages, photos, and location data once installed on a victim’s device. Fleming shut down the service in 2024 after a major data breach exposed sensitive information belonging to both customers and their victims.

Canada’s “most wanted” Desjardins fraud case suspect arrested in Spain

A man wanted across Canada in connection with a multimillion-dollar fraud linked to the Desjardins data breach has been arrested in Spain.

According to local police (Sûreté du Québec, SQ), Juan Pablo Serrano, one of the province’s most wanted fugitives, was taken into custody on November 6, 2025. He remains detained in Spain and is expected to be extradited to Canada.

Authorities allege Serrano, 40, a Canadian citizen of Ecuadorian descent, purchased stolen personal data belonging to clients of Canadian credit union giant Desjardins and used it to carry out various fraud schemes. He will face charges including fraud, identity theft, and trafficking in identity information.

The arrest was made as part of a joint operation involving Spanish police, the SQ, and Interpol. Serrano had been sought by Canadian authorities since June 2024.

The case is linked to the massive Desjardins data breach disclosed in 2019, which affected approximately 9.7 million clients in Canada and abroad. Police have said the personal information was obtained and later sold to “malicious individuals” who operated multiple fraud schemes.

Several suspects were arrested in 2024 as part of the SQ’s investigation, including the mastermind behind the scheme, a Desjardins employee who worked in the marketing department.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

Alleged cyber scam kingpin arrested, extradited to China

Cambodian authorities have arrested and extradited to China Chen Zhi, the head of the Prince Group conglomerate and the alleged mastermind behind a sprawling, multi-billion-dollar cyber scam operation.

Cambodia’s Ministry of Interior said Chen Zhi was detained alongside two other individuals. The arrests follow international sanctions imposed in October by the United States and the United Kingdom on Chen, 128 entities connected to him and Prince Group, and 17 other people accused of facilitating large-scale scamming networks.

The US authorities have accused Chen Zhi of running an empire involved in illegal online gambling, sextortion, money laundering, and the trafficking and abuse of workers forced to operate scam centers.

The US Department of Justice indicted Chen Zhi and seized a record $15 billion in bitcoin allegedly held across 25 of his accounts. British authorities have also confiscated dozens of London properties linked to the group, including a £100 million office building and a £12 million mansion. Taiwan, Singapore, and Hong Kong have carried out related seizures.

Cybercrime has surged in Southeast Asia, especially in Cambodia and Myanmar, where weak law enforcement allows casinos to act as criminal hubs. Trafficked foreigners, lured by fake job offers, were forced to run romance and cryptocurrency scams under near-slavery conditions. The US authorities allege that Prince Holding Group built at least 10 such compounds in Cambodia. An 18-month Amnesty International investigation into cybercrime in the country found evidence pointing at “state complicity in abuses carried out by Chinese criminal gangs.”