A former information technology employee of an Iowa school district (in the US) has been sentenced to 21 months in federal prison for carrying out a prolonged cyber-attack against his former employer, causing significant disruptions to school operations and tens of thousands of dollars in damages.

According to court documents, 34-year-old Ezekiel Dean Potter worked as a senior IT support specialist for the Saydel Community School District in Des Moines from May 2022 until April 2023. Prosecutors said that after leaving the district, Potter retained access credentials and used them to repeatedly target the district’s computer systems over a 21-month period.

Vor seiner Entlassung lud Potter mehr als 300 Benutzernamen und Passwörter herunter, die zu Konten und Programmen des Schulbezirks gehörten. Den Behörden zufolge nutzte er die Zugangsdaten später, um auf die Systeme des Schulbezirks zuzugreifen oder dies zu versuchen, Mitarbeiterzugriff zu widerrufen, Konten zu löschen und den Betrieb zu stören.

Die Angriffe begannen im Juni 2023, als Potter eine der Social-Media-Seiten des Schulbezirks deaktivierte. Die Vorfälle führten zu bezirksweiten IT-Ausfällen und erforderten umfangreiche Wiederherstellungsarbeiten. Im Januar 2025 führte eine Reihe von Angriffen auf die Anwendungen des Schulbezirks zur mehrstündigen Aussetzung des Unterrichts.

Police determined that Potter conducted many of the attacks from the offices of later employers. Authorities also found that he left behind a USB drive containing hundreds of district usernames and passwords and later attempted to have a former coworker wipe the device.

In addition to his prison sentence, Potter was ordered to serve three years of supervised release and pay nearly $60,000 in restitution to the Saydel Community School District and its insurer.

Police crackdown shuts down $380M AudiA6 crypto laundering service

Internationale Strafverfolgungsbehörden haben AudiA6, einen Kryptowährungs-Geldwäschedienst, aufgelöst, dem vorgeworfen wird, Cyberkriminellen dabei geholfen zu haben, mehr als 380 Millionen US-Dollar an illegalen Mitteln zu waschen.

According to Europol, AudiA6 operated from 2022 to 2025 and acted as a crypto mixing service, allowing criminals to hide the origin of stolen money. The platform moved funds through multiple transactions before returning them to users in exchange for a fee.

Die Ermittlungen waren an Behörden aus 11 Ländern beteiligt, unterstützt von Europol und Eurojust. Der Fall kam voran, nachdem ein ukrainischer Verdächtiger im September 2025 in Polen festgenommen wurde. Auf den Geräten des Verdächtigen gefundene Beweise halfen der Polizei, weitere Mitglieder des Netzwerks zu identifizieren.

Authorities arrested two suspected AudiA6 administrators in Georgia. Police also searched three locations, seized 25 domains, confiscated 80 vehicles and properties, froze or seized cryptocurrency worth hundreds of thousands of euros, and blocked Telegram accounts linked to the operation.

Blockchain investigation found that more than 10,000 Bitcoin, worth nearly $390 million at the time, passed through AudiA6 wallets since the service began in 2021. Officials say some of the funds were linked to ransomware gangs, Dark Web markets, and other criminal activities.

US-Staatsanwälte haben den 37-jährigen ukrainischen Staatsbürger Ruslan Igorevich Tkachuk und den 25-jährigen russischen Staatsbürger Alexander Vladimirovich Ledenev wegen Geldwäsche angeklagt. Die Behörden gehen davon aus, dass sie sowohl AudiA6 als auch das Dark2Web Cybercrime-Forum betrieben, auf denen illegale Dienste beworben wurden.

Im Falle einer Verurteilung drohen beiden Männern bis zu 20 Jahre Haft.

A Conti ransomware affiliate pleads guilty in the US

Ein aus Irland in die USA ausgelieferter Ukrainer hat sich der Anklage im Zusammenhang mit der Conti-Ransomware-Bande schuldig bekannt.

Der 44-jährige Oleksii Oleksiyovych Lytvynenko gab zu, zwischen 2021 und 2022 an Conti-Ransomware-Angriffen beteiligt gewesen zu sein. Die Staatsanwaltschaft erklärte, er habe dabei geholfen, Opfer in den USA und anderen Ländern anzugreifen, indem er Daten stahl, Computersysteme verschlüsselte und Lösegeld in Bitcoin forderte. Lytvynenko gab außerdem zu, an einem Malware-„Loader“ gearbeitet zu haben, einem Tool, mit dem schädliche Software auf die Systeme der Opfer heruntergeladen wird.

Gerichtsunterlagen zufolge griff die Conti-Gruppe weltweit mehr als 1.000 Opfer an und kassierte mehr als 150 Millionen US-Dollar an Lösegeld. Die Conti-Bande gehörte zu den weltweit aktivsten Cyberkriminalitätsgruppen und hatte Krankenhäuser, Unternehmen, Schulen und Regierungsbehörden im Visier. Die Gruppe beendete ihre Aktivitäten im Jahr 2022, nachdem interne Chats durchgesickert waren und die Strafverfolgungsbehörden den Druck auf ihre Mitglieder erhöhten.

Lytvynenko was arrested in Ireland in July 2023 and later extradited to the United States. He faces up to 20 years in prison.

Authorities say former Conti members later joined or formed other ransomware groups, such as ALPHV/BlackCat, Black Basta, ZEON, Hive, Quantum, BlackByte, Karakurt, and the Silent Ransom Group. In September 2023, the US and UK authorities sanctioned and charged several Russian nationals linked to the Conti and TrickBot cybercrime operations for attacks on more than 900 victims worldwide. In 2024, Ukrainian authorities arrested an alleged malware developer for the LockBit and Conti ransomware operations.

The US takes action against an AI-powered phishing service, a cyber-espionage op, and deepfake nudes

Im Rahmen einer Reihe von Razzien haben die US-Behörden Dienste zerschlagen, die mit Phishing, Cyberspionage und der Verbreitung von KI-generierten Nacktbildern in Verbindung standen.

More specifically, the FBI and its partners have shut down a large Chinese phishing-as-a-service operation called ‘Outsider Enterprise’ responsible for thousands of fake websites used to steal credit card information and passwords. Active since at least 2023, the group used AI-powered phishing kits to impersonate trusted brands through text messages sent via major carriers, including AT&T, T-Mobile, and Verizon.

Authorities linked the operation to more than 3.8 million stolen credit card records and an estimated $1.9 billion in losses. As part of the police operation, servers were seized, as well as a Shopify storefront, testing accounts, and about $100,000 in cryptocurrency. In addition, Google filed a civil lawsuit to dismantle Outsider Enterprise’s infrastructure.

The authorities have also dismantled 13 websites allegedly linked to a Chinese espionage operation that targeted current and former US government employees with security clearances. The sites posed as legitimate consulting firms and advertised fake analyst and consultant jobs to recruit individuals with access to sensitive information.

According to the US Department of Justice, the operators used fake identities, stolen personal information, AI-generated photos, encrypted messaging apps, and cryptocurrency payments to conceal their activities.

In a separate operation, the DoJ has seized the websites CFAKE[.]com and SOCFAKE[.]com, which allegedly hosted nonconsensual AI-generated nude images and videos of women. The sites reportedly distributed sexually explicit deepfakes featuring politicians, celebrities, athletes, musicians, and members of royalty from several countries. The action appears to be the first publicly announced domain seizure under the TAKE IT DOWN Act, a law aimed at combating the spread of nonconsensual intimate imagery, including AI-generated content.

Demo anfordern

ImmuniWeb kann Ihnen helfen, Datenpannen zu verhindern und regulatorische Anforderungen zu erfüllen.

Chinesische Polizei verhaftet 67 Verdächtige mit Verbindungen zur Cyberkriminalitätsgruppe „Silver Fox“

Chinesische Behörden haben 67 Personen festgenommen, die mit „Silver Fox“, der größten und aktivsten Cybercrime-Gruppe des Landes, in Verbindung stehen. Nach Angaben der Behörden nahm „Silver Fox“ Mitte 2024 seine Tätigkeit auf und richtete sich ausschließlich an chinesischsprachige Nutzer sowohl in China als auch im Ausland.

The coordinated operation took place across five provinces and targeted key members of the criminal network, including malware developers, phishing site operators, and affiliates. Authorities identified Ji Moufei as the key developer and distributor of the Silver Fox trojan. Ji and four associates were arrested in Zhejiang Province.

In Jilin Province, police detained 28 suspects, including a man surnamed Chen who allegedly developed a variant of the malware. Silver Fox mainly targets employees of businesses and public institutions, particularly finance personnel. Once installed, the malware can remotely control infected systems, steal passwords, intercept SMS verification codes, and collect sensitive personal and corporate data.

Additional arrests were made in Shandong Province, where sixteen accomplices were accused of operating phishing websites that tricked users into downloading malware-infected files. In Guangdong, police arrested fourteen suspects for allegedly using the trojan to compromise systems, steal online assets, and conduct fraud schemes worth more than 7 million yuan (approx. $1 million). Police said the group also distributed phishing emails and stole corporate information.

Authorities also arrested three people in Zhejiang for developing fake app download websites that distributed the Silver Fox trojan.