Security News
The Australian Federal Police have arrested a 19-year-old in Sydney for allegedly using leaked Optus customer data for extortion. More specifically, the suspect used 10,200 records leaked last month by the Optus hackers and contacted victims over SMS to threaten that their data would be sold to other hackers unless they paid AUD 2,000 within two days.
Germany's Bundeskriminalamt, the country's federal criminal police, yesterday raided the homes of three individuals suspected of orchestrating large-scale phishing campaigns that defrauded internet users of €4,000,000. The three men obtained money from their victims by sending them phishing emails that were clones of messages from real German banks.
The group specialized in the sale of 30 million accounts belonging to citizens from Ukraine and the European Union on the dark web and netted a profit of $372,000 through electronic payment systems like YooMoney, Qiwi, and WebMoney that are outlawed in the country. "It was them who used the received identification data of Ukrainian and foreign citizens to spread fake 'news' from the front and sow panic."
The City of London police announced on Twitter today the arrest of a British 17-year-old teen suspected of being involved in recent cyberattacks. While there are no details about the investigation, the arrest is believed to be tied to the Lapsus$ hacking group, which is suspected to be behind recent cyberattacks on Uber, Rockstar Games, and 2K. During last year's attacks, the Lapsus$ hacking group was said to be led by a threat actor named 'White' or 'BreachBase,' who was doxxed as allegedly a 16-year-old teen from the UK. This hacking group is responsible for numerous high-profile attacks, including those on Microsoft, Cisco, NVIDIA, Samsung, and Okta.
A former Broadcom engineer who pleaded guilty to stealing his ex-employer's trade secrets has asked the court not to give him prison time, saying he stole the files for reference, fearing he would "be unable to keep up" with "more technical and younger engineers" at a new startup. According to the filing, Peter Kisang Kim worked for Broadcom for 22 years before he accepted a job in 2020 at a Chinese networking chip design startup called Mersenne Technologies, where his role was design verification director.
The Dutch police arrested a 39-year-old man on suspicion of laundering tens of millions of euros worth of cryptocurrency stolen in phishing attacks. The arrest occurred in the early morning of September 6, 2022, with the police seizing devices and "data carriers" to aid the ongoing investigations.
Dutch authorities have arrested a software developer suspected of working with Tornado Cash, a cryptocurrency mixing service that only two days earlier was sanctioned by the US government for allegedly laundering money for ransomware operators and other cybercriminals. The move against Tornado Cash came three months after similar sanctions were placed on another crypto mixer, Blender.io.
Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country's radioactivity alert network, which took place between March and June 2021. The act of sabotage is said to have disabled more than one-third of the sensors that are maintained by the Directorate-General for Civil Protection and Emergencies and used to monitor excessive radiation levels across the country.
The Spanish police have announced the arrest of two hackers believed to be responsible for cyberattacks on the country's radioactivity alert network, which took place between March and June 2021. "A year of investigations and an exhaustive technical police analysis of all the communications of the sabotaged sensors, as well as the data related to the intrusion in the computer system whose origin could be located in the public use network of a well-known establishment of hospitality in the center of Madrid, allowed to identify the authors of the cyberattack." - Policía Nacional.
The Ukrainian cyberpolice force arrested nine members of a criminal group that operated over 400 phishing websites crafted to appear like legitimate EU portals offering financial assistance to Ukrainians. The threat actors used forms on the sites to steal visitors' payment card data and online banking account credentials and perform fraudulent, unauthorized transactions like moving funds to accounts under their control.