Cryptocurrency Fraud, Finance & Banking, Fraud Management & Cybercrime US Treasury Sanctions Cryptocurrency Exchange for Laundering $100 Million Linked to Ransomware Chris Riotta (@chrisriotta) • August 14, 2025 (Image: Shutterstock) The U.S. Department of the Treasury has imposed sanctions against Garantex, a cryptocurrency exchange with Russian connections, as part of…
The U.S. Department of Justice (DoJ) announced on Wednesday the seizure of cryptocurrency assets and around 145 domains associated with the underground carding platform BidenCash. According to the DoJ, “BidenCash operators streamlined the process of buying and selling stolen credit cards and personal information.” The marketplace, which charges fees for transactions, launched in March 2022 to replace Joker’s Stash and other carding forums like UniCC. Since its inception, BidenCash has reportedly served over 117,000 users, facilitated the trafficking of more than 15 million payment card numbers and personal data, and generated at least $17 million in revenue.
U.S. Department of Justice Seizes 145 Domains Linked to BidenCash Carding Marketplace On June 5, 2025, the U.S. Department of Justice (DoJ) announced a significant action against the illicit carding marketplace known as BidenCash, seizing approximately 145 domains linked to both the clearnet and dark web. This operation is part…
The U.S. Department of Justice (DoJ) announced on Wednesday the seizure of cryptocurrency assets and around 145 domains associated with the underground carding platform BidenCash. According to the DoJ, “BidenCash operators streamlined the process of buying and selling stolen credit cards and personal information.” The marketplace, which charges fees for transactions, launched in March 2022 to replace Joker’s Stash and other carding forums like UniCC. Since its inception, BidenCash has reportedly served over 117,000 users, facilitated the trafficking of more than 15 million payment card numbers and personal data, and generated at least $17 million in revenue.
Two Individuals Plead Guilty in Fraud Scheme Involving Stolen Patient Data In a significant legal development, Wilkins Estrella and Charlene Marte have both pled guilty to charges of conspiracy to commit wire fraud and bank fraud. This plea took place on August 7, 2025, before U.S. District Judge Gregory H.…
China Accuses U.S. of Inventing Volt Typhoon to Distract from Its Own Hacking Activities
Oct 15, 2024
National Security / Cybersecurity
China’s National Computer Virus Emergency Response Center (CVERC) has intensified its assertions that the alleged hacking group Volt Typhoon is a U.S. invention. In collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, the agency claims that the U.S. government, intelligence agencies, and Five Eyes allies are engaged in cyber espionage against China, as well as France, Germany, Japan, and internet users worldwide. It further asserted that there is “ironclad evidence” of the U.S. conducting false flag operations to obscure its own cyberattacks, accusing it of fabricating the “so-called threat of Chinese cyber operations” and establishing a “large-scale global internet surveillance network.” The agency pointed out that the U.S. has employed supply chain attacks, implanted backdoors in internet products, and initiated “pre-positioning” strategies, entirely…
China Denounces U.S. Claims Regarding Volt Typhoon as a Deception to Obscure Its Own Cyber Operations October 15, 2024 National Security / Cyber Threat Analysis In a recent statement, China’s National Computer Virus Emergency Response Center (CVERC) has reiterated its assertion that the cyber threat actor dubbed “Volt Typhoon” is…
China Accuses U.S. of Inventing Volt Typhoon to Distract from Its Own Hacking Activities
Oct 15, 2024
National Security / Cybersecurity
China’s National Computer Virus Emergency Response Center (CVERC) has intensified its assertions that the alleged hacking group Volt Typhoon is a U.S. invention. In collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, the agency claims that the U.S. government, intelligence agencies, and Five Eyes allies are engaged in cyber espionage against China, as well as France, Germany, Japan, and internet users worldwide. It further asserted that there is “ironclad evidence” of the U.S. conducting false flag operations to obscure its own cyberattacks, accusing it of fabricating the “so-called threat of Chinese cyber operations” and establishing a “large-scale global internet surveillance network.” The agency pointed out that the U.S. has employed supply chain attacks, implanted backdoors in internet products, and initiated “pre-positioning” strategies, entirely…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Geo Focus: Asia Report: North Korean Hacking Group Incorporates Ransomware into Cyber Operations Chris Riotta (@chrisriotta) • August 14, 2025 Image: Shutterstock Recent findings from South Korean cybersecurity researchers have revealed a robust cyberattack campaign attributed to the North Korean hacker group…
Microsoft Aids CBI in Busting Illegal Indian Call Centers Linked to Japanese Tech Support Scam
The Central Bureau of Investigation (CBI) in India has apprehended six suspects and shut down two unlawful call centers engaged in a sophisticated transnational tech support scam targeting Japanese citizens. The operations, part of “Operation Chakra V,” took place on May 28, 2025, across 19 locations in Delhi, Haryana, and Uttar Pradesh, focusing on combating cyber-enabled financial crimes. According to the CBI, the criminal networks defrauded foreign nationals, primarily Japanese citizens, by posing as technical support agents for various multinational companies, including Microsoft. The agency noted that the call centers were designed to look like legitimate customer service operations, misleading victims into believing their electronic devices had been compromised, which led them to transfer funds under duress.
Microsoft Collaborates with CBI to Disrupt Japanese Tech Support Scam Operated from India June 6, 2025 In a significant crackdown on cybercrime, India’s Central Bureau of Investigation (CBI) has arrested six suspects and shuttered two illicit call centers engaged in a sophisticated tech support scam targeting Japanese citizens. This operation,…
Microsoft Aids CBI in Busting Illegal Indian Call Centers Linked to Japanese Tech Support Scam
The Central Bureau of Investigation (CBI) in India has apprehended six suspects and shut down two unlawful call centers engaged in a sophisticated transnational tech support scam targeting Japanese citizens. The operations, part of “Operation Chakra V,” took place on May 28, 2025, across 19 locations in Delhi, Haryana, and Uttar Pradesh, focusing on combating cyber-enabled financial crimes. According to the CBI, the criminal networks defrauded foreign nationals, primarily Japanese citizens, by posing as technical support agents for various multinational companies, including Microsoft. The agency noted that the call centers were designed to look like legitimate customer service operations, misleading victims into believing their electronic devices had been compromised, which led them to transfer funds under duress.
Connex Credit Union, located in New Haven, Connecticut, has recently reported a significant data breach affecting the personal information of approximately 172,000 individuals. The breach was identified by Connex as “unusual activity” on its network on June 3, revealing unauthorized access to specific files on that day and the preceding…
June 28, 2025
Cybercrime / Vulnerability
The U.S. Federal Bureau of Investigation (FBI) has reported that the notorious cybercrime group Scattered Spider is expanding its focus to the airline industry. The agency is actively collaborating with aviation and industry partners to address these threats and assist affected organizations. “These perpetrators exploit social engineering tactics, often impersonating employees or contractors to trick IT help desks into granting unauthorized access,” the FBI stated on X. “Their methods frequently include bypassing multi-factor authentication (MFA), such as persuading help desk services to add unauthorized MFA devices to compromised accounts.” Scattered Spider is also known to target third-party IT providers, increasing the risk of attacks on trusted vendors and contractors. These incidents often lead to data theft, extortion, and ransomware. In a statement released…
FBI Issues Alert on Scattered Spider’s Growing Attacks Against Airlines Through Social Engineering On June 28, 2025, the Federal Bureau of Investigation (FBI) issued a warning regarding the cybercrime group known as Scattered Spider, which has notably expanded its attack vector to include the aviation sector. In light of this…
June 28, 2025
Cybercrime / Vulnerability
The U.S. Federal Bureau of Investigation (FBI) has reported that the notorious cybercrime group Scattered Spider is expanding its focus to the airline industry. The agency is actively collaborating with aviation and industry partners to address these threats and assist affected organizations. “These perpetrators exploit social engineering tactics, often impersonating employees or contractors to trick IT help desks into granting unauthorized access,” the FBI stated on X. “Their methods frequently include bypassing multi-factor authentication (MFA), such as persuading help desk services to add unauthorized MFA devices to compromised accounts.” Scattered Spider is also known to target third-party IT providers, increasing the risk of attacks on trusted vendors and contractors. These incidents often lead to data theft, extortion, and ransomware. In a statement released…
October 15, 2024
Malware / Cybercrime
Cybersecurity experts have revealed a recent malware campaign utilizing the PureCrypter loader to disseminate the commodity remote access trojan (RAT) known as DarkVision RAT. Observed by Zscaler ThreatLabz in July 2024, this operation comprises multiple stages to effectively deliver the RAT payload. According to security researcher Muhammed Irfan V A, “DarkVision RAT establishes communication with its command-and-control (C2) server using a custom network protocol via sockets.” The RAT boasts a variety of commands and plugins for enhanced functionality, including keylogging, remote access, password theft, audio recording, and screen capture. PureCrypter, initially disclosed in 2022, is a commercially available malware loader that enables users to distribute information stealers, RATs, and ransomware on a subscription basis. The method of initial access for deploying PureCrypter remains under investigation.
New Malware Campaign Deploys PureCrypter Loader to Distribute DarkVision RAT October 15, 2024 Cybersecurity experts have unveiled a newly identified malware campaign that utilizes a loader known as PureCrypter to deploy the DarkVision remote access trojan (RAT). This activity, first detected by Zscaler ThreatLabz in July 2024, entails a multi-phase…
October 15, 2024
Malware / Cybercrime
Cybersecurity experts have revealed a recent malware campaign utilizing the PureCrypter loader to disseminate the commodity remote access trojan (RAT) known as DarkVision RAT. Observed by Zscaler ThreatLabz in July 2024, this operation comprises multiple stages to effectively deliver the RAT payload. According to security researcher Muhammed Irfan V A, “DarkVision RAT establishes communication with its command-and-control (C2) server using a custom network protocol via sockets.” The RAT boasts a variety of commands and plugins for enhanced functionality, including keylogging, remote access, password theft, audio recording, and screen capture. PureCrypter, initially disclosed in 2022, is a commercially available malware loader that enables users to distribute information stealers, RATs, and ransomware on a subscription basis. The method of initial access for deploying PureCrypter remains under investigation.
