An Alleged Salt Typhoon Hacker Extradited From Italy To The US
April 30, 2026

Read also: US pursues extradition of alleged Scattered Spider hacker arrested in Finland, authorities dismantle major fraud networks, and more.

An alleged Salt Typhoon hacker extradited from Italy to the US
A Chinese national accused of participating in a major global cyber-espionage campaign has been extradited from Italy to the United States. Xu Zewei, 34, faces multiple charges linked to a series of computer intrusions carried out between February 2020 and June 2021.
Authorities allege that Xu was involved in the widespread Hafnium (aka Salt Typhoon) campaign, which compromised thousands of computer systems worldwide. According to authorities, Xu and his co-defendant Zhang Yu, who currently remains at large, targeted US-based universities conducting critical COVID-19 research. In one reported incident, Xu gained unauthorized access to a Texas university network and stole emails from virologists and immunologists involved in vaccine and treatment development.
The group is also accused of exploiting vulnerabilities in Microsoft Exchange Server software to install web shells for persistent remote access to compromised systems.
Xu has been charged with conspiracy to commit wire fraud, unauthorized access to protected computers, and aggravated identity theft. If convicted on all counts, he could face a lengthy prison sentence spanning several decades.
The US pursues extradition of an alleged Scattered Spider hacker arrested in Finland
The US authorities are reportedly seeking the extradition of a 19-year-old alleged member of the Scattered Spider cybercrime group following his arrest in Finland earlier this month. Peter Stokes, a dual US-Estonian citizen known online as “Bouquet,” was detained on April 10 at Helsinki Airport while attempting to board a flight to Japan. Authorities reportedly recovered multiple electronic devices from him, including two two-terabyte hard drives.
The US DoJ has filed a six-count criminal complaint against Stokes in Chicago, charging him with wire fraud, conspiracy, and computer intrusion. The case, initially filed under seal in December, alleges Stokes was involved in at least four cyber-attacks linked to Scattered Spider, with some activity dating back to when he was just 16. Authorities say the attacks caused millions of dollars in damages to victim companies.
Scattered Spider, which first appeared around 2022, is described as a loosely organized hacking collective made up largely of teenagers and young adults from the United States and the United Kingdom. The group mainly uses social engineering tactics, including “smishing”, “MFA fatigue” attacks, and impersonation of IT personnel to gain unauthorized access.
Earlier this month, Tyler Buchanan, the UK citizen believed to be a key member of Scattered Spider, pleaded guilty to charges linked to a wide-ranging hacking and fraud scheme that netted millions of dollars in stolen cryptocurrency.
Authorities crack down on major transnational fraud networks
Authorities across Europe, the US, the Middle East, and Asia have conducted a series of coordinated crackdowns on major transnational fraud networks. In one of the largest cases, Austrian and Albanian authorities dismantled a cryptocurrency investment fraud ring responsible for more than €50 million in losses. The investigation, launched in June 2023, resulted in the arrest of 10 suspects and raids on three call centers and nine homes. Officers seized nearly €900,000 in cash along with hundreds of electronic devices.
The operation employed up to 450 workers across departments such as IT, finance, and human resources. Structured management layers oversaw daily scam activities, while operators earned around EUR 800/month, along with commissions for each successful scam, paid partly in cash and partly by bank transfer.
In a separate takedown, the US Federal Bureau of Investigation, Dubai Police, and China’s Ministry of Public Security arrested at least 276 individuals and shut down nine scam centers linked to cryptocurrency fraud targeting US victims. Authorities said the schemes used so-called “pig-butchering” tactics, in which scammers build trust with victims before convincing them to invest in fake platforms. Six people have been charged for managing and recruiting staff for fraudulent “companies” operating multiple scam hubs.
Meanwhile, Swiss and German authorities arrested 10 suspected members of the Nigerian group known as Black Axe. The suspects, aged 32 to 54, are believed to have orchestrated romance scams that defrauded victims of millions of Swiss francs and to have laundered the proceeds through international channels.
Law enforcement agencies describe Black Axe as a highly organized global syndicate linked to the Neo-Black Movement of Africa, with tens of thousands of members operating across dozens of regional zones worldwide. In total, authorities estimate the organization has approximately 30,000 registered members globally, with a vast system of intermediaries, including money mules, to move illicit funds across borders.
Canadian police arrest three in the country’s first-ever SMS blaster phishing case
Canadian police have arrested three men in what authorities say is the country’s first known criminal case involving the use of a mobile “SMS blaster,” a device capable of impersonating a cellular tower to send mass phishing messages and disrupt wireless networks.
The investigation began last November after officers were alerted to a suspicious device operating in downtown Toronto. Two suspects were taken into custody in March, when police seized a large quantity of electronic equipment, including multiple SMS blasters. A third man turned himself in earlier in April.
Authorities estimate that tens of thousands of mobile phones connected to the rogue system during its operation. Police also recorded more than 13 million network disruptions linked to the devices, which could temporarily block phones from accessing legitimate cellular networks, including emergency services such as 911, for periods ranging from a few seconds to several minutes.
Similar incidents have been reported in countries including Greece, Thailand, Indonesia, Qatar and the United Kingdom. Earlier this month, authorities in Kazakhstan arrested four suspects for their involvement in an SMS phishing operation that used a mobile “SMS blaster” device to flood citizens with scam messages.
Ukrainian police bust cybercrime group behind the theft of over 600K gaming accounts
Ukrainian law enforcement authorities have uncovered a cybercrime group involving three suspects aged 19, 21, and 22, accused of stealing hundreds of thousands of Roblox gaming accounts belonging to users in Ukraine and abroad. The group allegedly hacked into players’ accounts and resold them for cryptocurrency within closed online communities, as well as via a website registered in Russia.
The suspects reportedly used a mix of social engineering techniques and technical tools, including information-stealing malware disguised as legitimate software offering in-game bonuses or gameplay enhancements. Authorities believe the group compromised more than 610,000 gaming profiles. The stolen accounts were categorized based on resale value, with higher prices for those containing rare items, collectible assets, or significant amounts of in-game currency.
Law enforcement officers conducted 10 authorized searches at the suspects’ residences, seizing approximately $32,000 and €2,000 in cash, handwritten notes, mobile phones, desktop computers, laptops, bank cards, tablets, and flash drives.
The illegal operation may have generated up to 10 million hryvnias (around $226,000) in revenue. The suspects have been charged with theft and unauthorized interference in information and communication systems. If convicted, they could face up to 15 years in prison.