Lesen Sie auch: Zwei große Plattformen der Cyberkriminalität, Tycoon2FA und LeakBase, wurden von Strafverfolgungsbehörden zerschlagen, ein ehemaliger Offizier der US-Luftwaffe wurde wegen Verschwörung mit einem chinesischen Hacker verhaftet, und mehr.

17
10
12
7
Mehr
11
11
8

Aufrufe:6.5k Lesezeit:5 Min.

Hacker eines finnischen Psychotherapiezentrums erhält knapp 7 Jahre Haft.

Finnish psychotherapy center hacker gets nearly 7 years in prison

The Helsinki Court of Appeal sentenced Aleksanteri “Zeekill” Kivimäki, 28, to six years and eleven months in prison for hacking into the now-defunct psychotherapy chain Vastaamo and attempting to extort tens of thousands of patients.

Kivimäki, one of the most notorious hackers and a former member of the infamous Lizard Squad hacking collective, had sought to overturn his 2024 conviction. Prosecutors said he carried out the attack between November 2018 and March 2019, during which he stole sensitive therapy records and later extorted payments from both the company and its patients using the moniker “ransom_man.”

Nachdem Vastaamo eine Lösegeldforderung von 450.000 Euro abgelehnt hatte, schrieb Kivimäki angeblich mehr als 20.000 Patienten per E-Mail an und forderte 200 Euro in Kryptowährung. Er drohte, den Betrag auf 500 Euro zu erhöhen, wenn die Zahlung nicht innerhalb von 24 Stunden erfolgte. Schließlich wurden Therapieaufzeichnungen von mehr als 2.000 Patienten online veröffentlicht. Mindestens ein Selbstmord soll mit dem Einbruch in Verbindung stehen. Vastaamo meldete später Insolvenz an.

Laut finnischen Medien verhängte das Gericht eine Freiheitsstrafe von sechs Jahren und elf Monaten unter der Auflage, dass Kivimäki separate Vereinbarungen zur Entschädigung der Opfer erfüllt. Sein Anwalt erklärte, dass sich Kivimäki derzeit nicht in Finnland aufhalte und sein Aufenthaltsort unbekannt sei.

Kivimäki was arrested in France in February 2023 and later extradited to Finland. In late 2025, Finnish prosecutors charged Daniel Lee Newhard, a 28-year-old American citizen living in Estonia, with aiding and abetting blackmail and extortion in the Vastaamo hacking case.

The Tycoon2FA PhaaS and the LeakBase hacking forum shut down following a police op

An international operation led by Europol has dismantled Tycoon2FA, a large phishing-as-a-service platform used by cybercriminals to bypass multi-factor authentication and steal account credentials. Authorities seized and shut down 330 domains that supported the platform’s infrastructure, including phishing pages and control panels.

Active since August 2023, Tycoon2FA targeted organizations worldwide, affecting nearly 100,000 entities, including government agencies, schools, and healthcare providers. By mid-2025, the platform was reportedly sending tens of millions of phishing emails each month, reaching over 500,000 organizations.

In einer parallelen Aktion hat das US-FBI im Rahmen einer internationalen Strafverfolgungsaktion namens „Operation Leak“, die ebenfalls von Europol koordiniert wird, die Domains des Cybercrime-Forums LeakBase beschlagnahmt.

The operation involved agencies from 14 countries and included arrests, house searches, interviews, and “knock-and-talk” actions across the United States, Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom. In total, around 100 enforcement actions were carried out worldwide, targeting 37 of the platform’s most active users.

Launched in 2021 with support from the ARES threat group, LeakBase grew to more than 142,000 members after the shutdown of the Breached hacker forum. The site allowed users to access leaked databases, trade hacking tools and stolen data, and share resources on hacking techniques, social engineering, cryptography, and operational security.

The takedown follows the disruption of the RaidForums and BreachForums hacker forums in 2022 and 2023, respectively, as well as the conviction and sentencing of the BreachForums founder in 2025.

Ein Ukrainer bekennt sich schuldig, die Website OnlyFake betrieben zu haben

A 27-year-old Ukrainian man has pleaded guilty to operating an AI-driven website that generated and sold more than 10,000 counterfeit identification documents to customers around the world. Yurii Nazarenko, aka “John Wick,” “Tor Ford,” and “Uriel Septimberus,” admitted to running the subscription-based platform OnlyFake. The site used AI technology to create realistic-looking digital images of fake passports, driver’s licenses, and Social Security cards.

OnlyFake enabled users to generate fake digital versions of identification documents from nearly 56 countries. Customers could customize the fake documents with specific personal details or choose randomized information. Nazarenko was extradited from Romania in September 2025 to face charges in the United States. As part of his plea agreement, he has agreed to forfeit $1.2 million in proceeds from the operation. He faces a maximum sentence of 15 years in prison. Sentencing is scheduled for June 26, 2026.

In einem weiteren Fall haben die ukrainischen Behörden den 21-jährigen Denis Nikolaev wegen großangelegten Cyberdiebstahls bei zwei großen ukrainischen Energieunternehmen angeklagt. Nach Angaben der Generalstaatsanwaltschaft haben der Verdächtige und seine Komplizen eine Masche inszeniert, bei der angeblich versehentlich ein kleiner Geldbetrag auf das Konto eines der Opferunternehmen überwiesen wurde.

When the firm’s accountant tried to remedy the mistake, she was asked to fill out a refund form with a .zip archive containing a remote access trojan disguised as a password. The attacker gained access to the remote banking service «client-bank» of both companies and withdrew from one victim’s account 78.5 million hryvnias (EUR 1.55 million) and about 48.7 million hryvnias (EUR 960,000) from another company’s account. The hacker then laundered the stolen money through multiple bank accounts, dozens of corporate and individual accounts, and cryptocurrency exchanges. He is charged in absentia with theft, interference with electronic networks, and money laundering.

In yet another case, Ukrainian cyberpolice arrested a 30-year-old developer and seller of phishing resources. The man created custom software that enabled unauthorized access to users’ accounts on various websites.

Ex-US Air Force officer arrested in plot with Chinese hacker

Ein ehemaliger Offizier der US-Luftwaffe wurde festgenommen, unter dem Vorwurf, sich mit einem verurteilten chinesischen Hacker verschworen zu haben, um chinesischen Militärpiloten fortgeschrittenes Flugtraining zu vermitteln. Gerald Eddie Brown, 65, wurde in Jeffersonville, Indiana, in Gewahrsam genommen, nachdem er angeblich fast drei Jahre in China gelebt und Piloten der Luftwaffe der Volksbefreiungsarmee (PLAAF) ausgebildet hatte.

Laut Gerichtsunterlagen diente Brown 24 Jahre in der US-Luftwaffe und trat 1996 im Rang eines Majors in den Ruhestand. Während seiner militärischen Laufbahn leitete er Einheiten, die für Systeme zur nuklearen Waffenlieferung und Kampfeinsätze zuständig waren. Nach seinem Ausscheiden aus dem aktiven Dienst arbeitete Brown als Frachtflugzeugpilot und übernahm Positionen bei zwei US-Rüstungsunternehmen.

Die Staatsanwaltschaft wirft Brown vor, im Jahr 2023 Verhandlungen über einen Vertrag zur Ausbildung chinesischer Militärpiloten im Einsatz von Kampfflugzeugen aufgenommen zu haben. Die Absprache wurde Berichten zufolge über Personen vermittelt, die mit Stephen Su Bin in Verbindung stehen, einem chinesischen Staatsbürger, der zuvor wegen Hacking an US-Verteidigungsunternehmen verurteilt worden war.

Bin, who operated an aviation and aerospace technology business in Canada, pleaded guilty in 2016 to breaching the networks of American defense firms between 2008 and 2014. In one instance, he breached servers used by Boeing to store data related to the C-17 military transport aircraft and sent confidential information to officials in China. Bin served four years in prison, and his company was later sanctioned.

Federal authorities say Brown worked with Bin to complete his training agreement. In December 2023, Brown traveled to China, where he met with officials from the People’s Republic of China and presented his military résumé. He stayed in the country until returning to the United States in February 2026.

Die Staatsanwaltschaft wirft Brown vor, gegen die International Traffic in Arms Regulations (ITAR) verstoßen zu haben, indem er Verteidigungsdienstleistungen für ein ausländisches Militär erbrachte, ohne die erforderliche Genehmigung des US-Außenministeriums einzuholen.

Demo anfordern

ImmuniWeb kann Ihnen helfen, Datenpannen zu verhindern und regulatorische Anforderungen zu erfüllen.

Sextortionist pleads guilty to targeting hundreds of young women online

A 22-year-old US man has pleaded guilty to federal charges after admitting he hacked and extorted hundreds of young women, including minors, in a years-long sextortion scheme.

Jamarcus Mosley pleaded guilty to extortion, cyberstalking, and computer fraud charges stemming from an operation that ran from April 2022 through May 2025. Prosecutors said Mosley targeted victims on social media platforms including Snapchat and Instagram, as well as other online accounts.

According to court documents, Mosley tricked victims into providing recovery codes and passwords by impersonating their friends and via other tactics. He then hijacked control of victims’ accounts and threatened to release their private nude images and videos publicly or permanently lock them out of their accounts unless they complied with his demands. The demands included providing additional account access, sending sexually explicit content, or paying money. Mosley is scheduled to be sentenced on May 27, 2026.

Of note, Europol has shared the first results of an international law enforcement operation involving 28 countries codenamed “Project Compass” targeting “The Com,” a decentralized, nihilistic online network made up of thousands of minors and young adults involved in cybercrime, physical violence, and extortion. Since January 2025, authorities have arrested 30 suspects and identified (fully or partially) 179 perpetrators. Four victims have been safeguarded, with up to 62 victims identified overall.

According to the FBI, The Com operates through three main branches: Hacker Com, In Real Life (IRL) Com, and Extortion Com. Members’ tactics has become more sophisticated, using advanced methods to conceal identities, launder money, and hide financial transactions.