

An Alleged Salt Typhoon Hacker Extradited From Italy To The US

April 30, 2026

Read also: US pursues extradition of alleged Scattered Spider hacker arrested in Finland, authorities dismantle major fraud networks, and more.


An alleged Salt Typhoon hacker extradited from Italy to the US

A Chinese national accused of taking part in a vast global cyber-espionage campaign has been extradited from Italy to the United States. Xu Zewei, 34, faces multiple charges linked to a series of computer intrusions committed between February 2020 and June 2021.

Authorities allege that Xu took part in the vast Hafnium (aka Salt Typhoon) campaign, which compromised thousands of computer systems worldwide. According to authorities, Xu and his co-defendant Zhang Yu, who remains at large, targeted US universities conducting crucial COVID-19 research. In one reported incident, Xu gained unauthorized access to the network of a Texas university and stole emails from virologists and immunologists involved in developing vaccines and treatments.

The group is also accused of exploiting vulnerabilities in Microsoft Exchange Server software to install web shells that allow persistent remote access to compromised systems.

Xu has been charged with conspiracy to commit wire fraud, unauthorized access to protected computers, and aggravated identity theft. If convicted on all counts, he faces a lengthy prison sentence spanning several decades.

The US pursues extradition of an alleged Scattered Spider hacker arrested in Finland

The US authorities are reportedly seeking the extradition of a 19-year-old alleged member of the Scattered Spider cybercrime group following his arrest in Finland earlier this month. Peter Stokes, a dual US-Estonian citizen known online as “Bouquet,” was detained on April 10 at Helsinki Airport while attempting to board a flight to Japan. Authorities reportedly recovered multiple electronic devices from him, including two two-terabyte hard drives.

The US DoJ has filed a six-count criminal complaint against Stokes in Chicago, charging him with wire fraud, conspiracy, and computer intrusion. The case, initially filed under seal in December, alleges Stokes was involved in at least four cyber-attacks linked to Scattered Spider, with some activity dating back to when he was just 16. Authorities say the attacks caused millions of dollars in damages to victim companies.

Scattered Spider, which emerged around 2022, is described as a loosely organized hacker collective made up mainly of teenagers and young adults from the United States and the United Kingdom. The group relies primarily on social engineering techniques, including “smishing,” “MFA fatigue” attacks, and impersonation of IT staff to gain unauthorized access.

Earlier this month, Tyler Buchanan, the UK citizen believed to be a key member of Scattered Spider, pleaded guilty to charges linked to a wide-ranging hacking and fraud scheme that netted millions of dollars in stolen cryptocurrency.

Authorities crack down on major transnational fraud networks

Authorities across Europe, the US, the Middle East, and Asia have conducted a series of coordinated crackdowns on major transnational fraud networks. In one of the largest cases, Austrian and Albanian authorities dismantled a cryptocurrency investment fraud ring responsible for more than €50 million in losses. The investigation, launched in June 2023, resulted in the arrest of 10 suspects and raids on three call centers and nine homes. Officers seized nearly €900,000 in cash along with hundreds of electronic devices.

The operation employed up to 450 workers across departments such as IT, finance, and human resources. Structured management layers oversaw daily scam activities, while operators earned around EUR 800/month, along with commissions for each successful scam, paid partly in cash and partly by bank transfer.

In a separate takedown, the US Federal Bureau of Investigation, Dubai Police, and China’s Ministry of Public Security arrested at least 276 individuals and shut down nine scam centers linked to cryptocurrency fraud targeting US victims. Authorities said the schemes used so-called “pig-butchering” tactics, in which scammers build trust with victims before convincing them to invest in fake platforms. Six people have been charged for managing and recruiting staff for fraudulent “companies” operating multiple scam hubs.

Meanwhile, Swiss and German authorities arrested 10 suspected members of the Nigerian group known as Black Axe. The suspects, aged 32 to 54, are believed to have orchestrated romance scams that defrauded victims of millions of Swiss francs, as well as laundering the proceeds through international channels.

Law enforcement agencies describe Black Axe as a highly organized global syndicate linked to the Neo-Black Movement of Africa, with tens of thousands of members operating across dozens of regional zones worldwide. In total, authorities estimate the organization has approximately 30,000 registered members globally, with a vast system of intermediaries, including money mules, to move illicit funds across borders.

Canadian police arrest three in the country’s first-ever SMS blaster phishing case

Canadian police have arrested three men in what authorities say is the country’s first known criminal case involving the use of a mobile “SMS blaster,” a device capable of impersonating a cellular tower to send mass phishing messages and disrupt wireless networks.

The investigation began last November after officers were alerted to a suspicious device operating in downtown Toronto. Two suspects were arrested in March, when police seized a large quantity of electronic equipment, including several SMS blasters. A third man turned himself in to authorities in early April.

Authorities estimate that tens of thousands of mobile phones connected to the rogue system during its operation. Police also recorded more than 13 million network disruptions linked to the devices, which could temporarily block phones from accessing legitimate cellular networks, including emergency services such as 911, for periods ranging from a few seconds to several minutes.

Similar incidents have been reported in countries including Greece, Thailand, Indonesia, Qatar and the United Kingdom. Earlier this month, authorities in Kazakhstan arrested four suspects for their involvement in an SMS phishing operation that used a mobile “SMS blaster” device to flood citizens with scam messages.

Ukrainian police bust cybercrime group behind the theft of over 600K gaming accounts

Ukrainian law enforcement authorities have uncovered a cybercrime group involving three suspects aged 19, 21, and 22, accused of stealing hundreds of thousands of Roblox gaming accounts belonging to users in Ukraine and abroad. The group allegedly hacked into players’ accounts and resold them for cryptocurrency within closed online communities, as well as via a website registered in Russia.

The suspects reportedly used a mix of social engineering techniques and technical tools, including information-stealing malware disguised as legitimate software offering in-game bonuses or gameplay enhancements. Authorities believe the group compromised more than 610,000 gaming profiles. The stolen accounts were categorized based on resale value, with higher prices for those containing rare items, collectible assets, or significant amounts of in-game currency.

Law enforcement officers conducted 10 authorized searches at the suspects’ residences, seizing approximately $32,000 and €2,000 in cash, handwritten notes, mobile phones, desktop computers, laptops, bank cards, tablets, and flash drives.

The illegal operation may have generated up to 10 million hryvnias (around $226,000) in revenue. The suspects have been charged with theft and unauthorized interference in information and communication systems. If convicted, they could face up to 15 years in prison.
