In 2023, we noticed quite a few legislation enforcement operations concentrating on cybercrime operations, together with cryptocurrency scams, phishing assaults, credential theft, malware improvement, and ransomware assaults.
Whereas a few of these operations had been extra profitable than others, legislation enforcement has been more and more utilizing hack-back techniques to infiltrate operations and disrupt them.
BleepingComputer has supplied a non-exhaustive listing of those operations beneath in chronological order:
Hive ransomware disrupted after FBI hacks gang’s programs
The US Division of Justice and Europol introduced that a global legislation enforcement operation secretly infiltrated the Hive ransomware gang’s infrastructure in July 2022, after they secretly started monitoring the operation for six months.
The Hive ransomware’s Tor cost and knowledge leak websites had been then seized by the FBI in January 2023.Â
The ransomware gang has not been noticed till not too long ago when they’re believed to have rebranded because the Hunters Worldwide ransomware group.
Police hacked Exclu ‘safe’ message platform to eavesdrop on criminals
The Dutch police dismantled the Exclu encrypted communications platform after hacking into the service to watch the actions of felony organizations.
The operation consisted of two separate investigations, beginning in September 2020 and April 2022, when the police additionally carried out 79 focused searches within the Netherlands, Germany, and Belgium and arrested 42 folks.
Core DoppelPaymer ransomware gang members focused in Europol operation
Regulation enforcement in Germany and Ukraine focused two people believed to be core members of the DoppelPaymer ransomware group.
The operation consisted of raiding a number of areas within the two international locations in February and was the results of a coordinated effort that additionally concerned Europol, the FBI, and the Dutch Police.
Police seize Netwire RAT malware infrastructure, arrest admin
A global legislation enforcement operation involving the FBI and police businesses worldwide led to the arrest of the suspected administrator of the NetWire distant entry trojan and the seizure of the service’s net area and internet hosting server.
NetWire was a distant entry trojan promoted as a reputable distant administration software to handle a Home windows laptop remotely.
Since no less than 2014, NetWire has been a software of alternative in varied malicious actions, together with phishing assaults, BEC campaigns, and to breach company networks.
UK creates faux DDoS-for-hire websites to determine cybercriminals
As a part of Operation PowerOFF, The U.Okay.’s Nationwide Crime Company (NCA) created a number of faux DDoS-for-hire service web sites to determine cybercriminals who make the most of these platforms to assault organizations.
NCA says a number of 1000’s of individuals accessed its faux websites, which had a practical look as a real booter service. Nevertheless, as an alternative of giving entry to DDoS instruments, they solely served to gather details about those that wished to make use of these companies.
After efficiently infiltrating the cybercrime market and gathering details about these buying unlawful companies, the company revealed the operation by displaying a splash web page on solely one in every of its faux websites.Â
US seizes $112 million from cryptocurrency funding scammers
The U.S. Division of Justice seized six digital foreign money accounts containing over $112 million in funds stolen in cryptocurrency funding schemes.
The criminals behind these cryptocurrency fraud scams (also called pig butchering or cryptocurrency confidence scams) strategy their victims through varied courting platforms, messaging apps, or social media platforms, construct belief, and introduce them to funding schemes which ultimately permit them to empty the targets’ crypto wallets.
The DOJ says the following step is to return the stolen cryptocurrency to the victims.
FBI seizes stolen credentials market Genesis in Operation Cookie Monster
The domains and infrastructure for Genesis Market, one of the vital widespread marketplaces for stolen credentials of all kinds, had been seized by legislation enforcement earlier this week as a part of Operation Cookie Monster.
Genesis Market’s full database had 1.5 million bots supplying greater than 2 million identities; greater than 460,000 bots had been obtainable on the market on the time of the takedown. In whole, the platform supplied about 80 million credentials and digital fingerprints, says UK’s Nationwide Crime Company.
Police operation ‘SpecTor’ arrests 288 darkish net drug distributors and consumers
A global legislation enforcement operation codenamed ‘SpecTor’ has arrested 288 darkish net distributors and prospects worldwide, with police seizing €50.8 million ($55.9M) in money and cryptocurrency.
The distributors had been lively in a market referred to as the ‘Monopoly Market’ that bought medication to prospects worldwide in change for Bitcoin and Monero cryptocurrency.
FBI seizes 9 crypto exchanges used to launder ransomware funds
Â
The FBI and Ukrainian police have seized 9 cryptocurrency change web sites that facilitated cash laundering for scammers and cybercriminals, together with ransomware actors.
The operation was carried out with the assistance of the Digital Foreign money Response Group, the Nationwide Police of Ukraine, and authorized prosecutors within the nation.
Â
FBI seizes BreachForums after arresting its proprietor Pompompurin in March
U.S. legislation enforcement immediately seized the clear net area of the infamous BreachForums (aka Breached) hacking discussion board three months after apprehending its proprietor Conor Fitzpatrick (aka Pompompurin), underneath cybercrime costs.
Hosted at Breached[.]vc, the area now exhibits a seizure banner saying the web site was taken down by the FBI, the Division of Well being and Human Companies, the Workplace of Inspector Basic, and the Division of Justice primarily based on a warrant issued by the U.S. District Courtroom for the Jap District of Virginia.
EncroChat takedown led to six,500 arrests and $979 million seized
Europol took down the EncroChat encrypted cell communications platform, which has led to the arrest of over 6,600 folks and the seizure of $979 million in illicit funds.
EncroChat telephones ran a particular, hardened model of Android that promised customers unbreakable encryption, anonymity, and no traceability.
In 2020, a large-scale European legislation enforcement operation quietly infiltrated the EncroChat platform and was capable of analyze thousands and thousands of messages shared between its customers after breaking the encryption algorithm.
After analyzing 15 million conversations between roughly 60,000 customers of the platform, police have arrested 6,558 customers of EncroChat, together with 197 high-value targets.
The info additionally allowed the police to find and seize 270 tons of medication, 971 autos, 271 properties, 923 weapons, 68 explosives, 40 planes, and 83 boats.
Qakbot botnet dismantled after infecting over 700,000 computer systems
The FBI disrupted the Qakbot botnet by seizing infrastructure and pushing out a module that uninstalled the malware from contaminated units.
The botnet (also called Qbot and Pinkslipbot) was linked by legislation enforcement to no less than 40 ransomware assaults in opposition to corporations, healthcare suppliers, and authorities businesses worldwide, inflicting lots of of thousands and thousands of {dollars} in harm, in line with conservative estimates. Over the previous 18 months alone, losses have surpassed 58 million {dollars}.
All through the years, Qakbot has constantly served as an preliminary an infection vector for varied ransomware gangs and their associates or operators, together with Conti, ProLock, Egregor, REvil, RansomExx, MegaCortex, and, most not too long ago, Black Basta.
Nevertheless, the success of this legislation enforcement operation could also be short-lived, as cybersecurity researchers have already seen QakBot rebuilding its botnet.
Ragnar Locker ransomware’s darkish net extortion websites seized by police
The Ragnar Locker ransomware operation’s Tor negotiation and knowledge leak websites had been seized as a part of a global legislation enforcement operation.
Visiting both web site now shows a seizure message stating that a big assortment of worldwide legislation enforcement from the US, Europe, Germany, France, Italy, Japan, Spain, Netherlands, Czech Republic, and Latvia had been concerned within the operation.
Police dismantle ransomware group behind assaults in 71 international locations
In cooperation with Europol and Eurojust, legislation enforcement businesses from seven nations have arrested the core members of a ransomware group linked to assaults in opposition to organizations in 71 international locations.
The cybercriminals paralyzed main companies’ operations in assaults utilizing ransomware comparable to LockerGoga, MegaCortex, HIVE, and Dharma.
FBI disrupts Blackcat ransomware operation, creates decryption software
The FBI hacked the ALPHV ransomware operation’s servers to watch their actions and acquire decryption keys for victims.
BleepingComputer first reported that the ALPHV, aka BlackCat, web sites immediately stopped working, together with the ransomware gang’s Tor negotiation and knowledge leak websites.
Whereas the ALPHV admin claimed it was a internet hosting problem, BleepingComputer realized it was associated to a legislation enforcement operation.
Ten days later, the Division of Justice confirmed our reporting, stating that the FBI performed a legislation enforcement operation that allowed them to realize entry to ALPHV’s infrastructure.
With this entry, the FBI monitored the ransomware operation for months whereas siphoning decryption keys and sharing them with victims.
Interpol operation arrests 3,500 cybercriminals, seizes $300 million
A global legislation enforcement operation codenamed ‘Operation HAECHI IV’ has led to the arrest of three,500 suspects of varied lower-tier cybercrimes and seized $300 million in illicit proceeds.
The newest operation, which occurred between July and December 2023, focused menace actors partaking in voice phishing, romance scams, on-line sextortion, funding fraud, cash laundering related to unlawful on-line playing, enterprise e mail compromise, and e-commerce fraud.
As well as, Interpol’s monetary intelligence mechanism, I-GRIP, flagged and froze 82,112 financial institution accounts in 34 international locations linked to varied cybercrimes and fraudulent operations.
$199 million of the seized quantities concern exhausting foreign money, and the remaining $101 million corresponds to the worth of 367 digital/digital property, comparable to NFTs (non-fungible tokens) linked to cybercrime.
German police takes down Kingdom Market cybercrime market
The Federal Prison Police Workplace in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT) have introduced the seizure of Kingdom Market, a darkish net market for medication, cybercrime instruments, and faux authorities IDs.
The legislation enforcement operation additionally included authorities from america, Switzerland, Moldova, and Ukraine, whereas one of many directors has been arrested within the US.
The police say the market hosted 42,000 objects on the market, 3,600 of which had been from Germany.