The Breach News

US Imposes Sanctions on Crypto Exchange Linked to Russian Ransomware

Cryptocurrency Fraud, Finance & Banking, Fraud Management & Cybercrime

US Treasury Sanctions Cryptocurrency Exchange for Laundering $100 Million Linked to Ransomware

Chris Riotta (@chrisriotta) • August 14, 2025

The U.S. Department of the Treasury has imposed sanctions against Garantex, a cryptocurrency exchange with Russian connections, as part of…


DoJ Takes Down 145 Domains Linked to BidenCash Carding Operations

The U.S. Department of Justice (DoJ) announced on Wednesday the seizure of cryptocurrency assets and around 145 domains associated with the underground carding platform BidenCash. According to the DoJ, “BidenCash operators streamlined the process of buying and selling stolen credit cards and personal information.” The marketplace, which charges fees for transactions, launched in March 2022 to replace Joker’s Stash and other carding forums like UniCC. Since its inception, BidenCash has reportedly served over 117,000 users, facilitated the trafficking of more than 15 million payment card numbers and personal data, and generated at least $17 million in revenue.

U.S. Department of Justice Seizes 145 Domains Linked to BidenCash Carding Marketplace

On June 5, 2025, the U.S. Department of Justice (DoJ) announced a significant action against the illicit carding marketplace known as BidenCash, seizing approximately 145 domains linked to both the clearnet and dark web. This operation is part…


China Accuses U.S. of Inventing Volt Typhoon to Distract from Its Own Hacking Activities

Oct 15, 2024
National Security / Cybersecurity

China’s National Computer Virus Emergency Response Center (CVERC) has intensified its assertions that the alleged hacking group Volt Typhoon is a U.S. invention. In collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, the agency claims that the U.S. government, intelligence agencies, and Five Eyes allies are engaged in cyber espionage against China, as well as France, Germany, Japan, and internet users worldwide. It further asserted that there is “ironclad evidence” of the U.S. conducting false flag operations to obscure its own cyberattacks, accusing it of fabricating the “so-called threat of Chinese cyber operations” and establishing a “large-scale global internet surveillance network.” The agency pointed out that the U.S. has employed supply chain attacks, implanted backdoors in internet products, and initiated “pre-positioning” strategies, entirely…

China Denounces U.S. Claims Regarding Volt Typhoon as a Deception to Obscure Its Own Cyber Operations

October 15, 2024
National Security / Cyber Threat Analysis

In a recent statement, China’s National Computer Virus Emergency Response Center (CVERC) has reiterated its assertion that the cyber threat actor dubbed “Volt Typhoon” is…


North Korean Hackers Initiate New Cyber Attack Against South Korea

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Geo Focus: Asia

Report: North Korean Hacking Group Incorporates Ransomware into Cyber Operations

Chris Riotta (@chrisriotta) • August 14, 2025

Recent findings from South Korean cybersecurity researchers have revealed a robust cyberattack campaign attributed to the North Korean hacker group…


Microsoft Aids CBI in Busting Illegal Indian Call Centers Linked to Japanese Tech Support Scam

The Central Bureau of Investigation (CBI) in India has apprehended six suspects and shut down two unlawful call centers engaged in a sophisticated transnational tech support scam targeting Japanese citizens. The operations, part of “Operation Chakra V,” took place on May 28, 2025, across 19 locations in Delhi, Haryana, and Uttar Pradesh, focusing on combating cyber-enabled financial crimes. According to the CBI, the criminal networks defrauded foreign nationals, primarily Japanese citizens, by posing as technical support agents for various multinational companies, including Microsoft. The agency noted that the call centers were designed to look like legitimate customer service operations, misleading victims into believing their electronic devices had been compromised, which led them to transfer funds under duress.

Microsoft Collaborates with CBI to Disrupt Japanese Tech Support Scam Operated from India

June 6, 2025

In a significant crackdown on cybercrime, India’s Central Bureau of Investigation (CBI) has arrested six suspects and shuttered two illicit call centers engaged in a sophisticated tech support scam targeting Japanese citizens. This operation,…


FBI Alerts on Scattered Spider’s Growing Attacks Targeting Airlines Through Social Engineering

June 28, 2025
Cybercrime / Vulnerability

The U.S. Federal Bureau of Investigation (FBI) has reported that the notorious cybercrime group Scattered Spider is expanding its focus to the airline industry. The agency is actively collaborating with aviation and industry partners to address these threats and assist affected organizations. “These perpetrators exploit social engineering tactics, often impersonating employees or contractors to trick IT help desks into granting unauthorized access,” the FBI stated on X. “Their methods frequently include bypassing multi-factor authentication (MFA), such as persuading help desk services to add unauthorized MFA devices to compromised accounts.” Scattered Spider is also known to target third-party IT providers, increasing the risk of attacks on trusted vendors and contractors. These incidents often lead to data theft, extortion, and ransomware. In a statement released…

FBI Issues Alert on Scattered Spider’s Growing Attacks Against Airlines Through Social Engineering

On June 28, 2025, the Federal Bureau of Investigation (FBI) issued a warning regarding the cybercrime group known as Scattered Spider, which has notably expanded its attack vector to include the aviation sector. In light of this…


New Malware Campaign Deploys PureCrypter Loader to Distribute DarkVision RAT

October 15, 2024
Malware / Cybercrime

Cybersecurity experts have revealed a recent malware campaign utilizing the PureCrypter loader to disseminate the commodity remote access trojan (RAT) known as DarkVision RAT. Observed by Zscaler ThreatLabz in July 2024, this operation comprises multiple stages to effectively deliver the RAT payload. According to security researcher Muhammed Irfan V A, “DarkVision RAT establishes communication with its command-and-control (C2) server using a custom network protocol via sockets.” The RAT boasts a variety of commands and plugins for enhanced functionality, including keylogging, remote access, password theft, audio recording, and screen capture. PureCrypter, initially disclosed in 2022, is a commercially available malware loader that enables users to distribute information stealers, RATs, and ransomware on a subscription basis. The method of initial access for deploying PureCrypter remains under investigation.

New Malware Campaign Deploys PureCrypter Loader to Distribute DarkVision RAT

October 15, 2024

Cybersecurity experts have unveiled a newly identified malware campaign that utilizes a loader known as PureCrypter to deploy the DarkVision remote access trojan (RAT). This activity, first detected by Zscaler ThreatLabz in July 2024, entails a multi-phase…
