
27 DDoS-for-Hire Platforms Neutralized in a Worldwide Police Crackdown

Read also: An alleged Scattered Spider member arrested in the US, a Chinese hacker who compromised over 80,000 Sophos firewalls charged, and more.


Thursday, December 12, 2024

Global law enforcement effort takes down major DDoS-for-Hire services

A global law enforcement operation, codenamed ‘PowerOFF’, has shut down 27 major platforms used to launch Distributed Denial-of-Service (DDoS) attacks.

The platforms, known as "booter" and "stresser" websites, were marketed as tools for testing network security but were widely misused by cybercriminals to disrupt online services.

Led by Europol and involving agencies from 15 countries, the operation resulted in the seizure of major DDoS services like zdstresser.net, orbitalstress.net, and starkstresser.net. Authorities arrested three suspected administrators in France and Germany and identified 300 users involved in planning attacks. Two suspected operators were charged in the US.

As part of the initiative, law enforcement launched an online advertisement campaign targeting potential offenders. The campaign includes Google and YouTube ads warning about the legal and personal repercussions of engaging in DDoS attacks. Authorities are also conducting knock-and-talk visits, sending warning letters, and emailing over 2,000 individuals linked to illegal activities.

Dutch and Belgian police take down phone phishing ring that stole millions

Belgian and Dutch authorities, with Europol's support, dismantled a phone phishing gang in a coordinated international operation.

As part of the effort, 8 suspects were arrested (4 in the Netherlands, 4 in Belgium), 17 locations were searched, and electronic devices, luxury watches, jewelry, large amounts of cash, and a firearm were confiscated.

The gang targeted victims across at least 10 European countries, primarily through phishing campaigns and posing as police or bank staff to gain access to financial data. They exploited elderly victims by approaching them at their homes.

The stolen funds were used for extravagant purchases and lavish lifestyles. The group’s illicit activities are estimated to have caused several million euros in losses.


Yet another alleged Scattered Spider member who hacked US telecom firms arrested

US authorities have arrested 19-year-old Remington Goy Ogletree, known online as ‘remi,’ for his alleged involvement with the Scattered Spider cybercrime gang. Ogletree is charged with breaching the networks of a US financial institution and two unnamed telecommunications firms using stolen employee credentials obtained through phishing campaigns.

Ogletree used text and voice phishing tactics, impersonating IT support to deceive employees into accessing fake landing pages and entering their credentials. At the financial institution, roughly 149 employees were targeted between October and November 2023 with fraudulent messages about HR updates, VPN profiles, and schedule changes.

Between October 2023 and May 2024, Ogletree exploited access to telecom systems to send over 8.6 million phishing texts aimed at stealing cryptocurrency. When the FBI searched his residence in Fort Worth, Texas, they discovered incriminating evidence on his iPhone, including phishing texts, credential-harvesting sites, and crypto wallets holding tens of thousands of dollars. Ogletree’s arrest follows the recent apprehension of five other Scattered Spider members accused of stealing millions through SMS phishing. They face serious charges, including wire fraud and aggravated identity theft, each carrying penalties of up to 20 years in prison.

In other news, a member of the ShinyHunters hacking group has been charged in France for allegedly selling malware targeting AWS email servers. French authorities accuse Sébastien Raoult, aka ‘Sezyo Kaizen’, of creating software capable of scanning and hijacking vulnerable SMTP servers hosted on AWS cloud infrastructure. Raoult had already been sentenced to three years in a US prison in January. He was extradited to France at the request of local authorities to face these new charges.

A Chinese national who hacked thousands of Sophos firewalls charged in the US

US authorities have charged Chinese national Guan Tianfeng, aka ‘gbigmao’ and ‘gxiaomao’, with exploiting a zero-day vulnerability to hack tens of thousands of Sophos firewall devices globally.

Guan allegedly developed and deployed malware targeting the SQL injection vulnerability (CVE-2020-12271) in 2020, compromising approximately 81,000 devices. The malware was designed to steal sensitive information and evade detection by mimicking legitimate Sophos resources.

The US authorities link Sichuan Silence, Guan’s employer, to China’s Ministry of Public Security and claim the company supports state-sponsored cyber operations, including intelligence gathering. Both Guan and Sichuan Silence have been sanctioned by the US Treasury Department's Office of Foreign Assets Control (OFAC).

Additionally, the US State Department is offering a $10 million reward for information leading to Guan’s capture or the identification of other foreign government-directed cyber actors targeting US critical infrastructure.

Three Nigerian fraudsters charged with multimillion-dollar investment scam

The US authorities have charged three Nigerian men, Augustine Chibuzo Onyeachonam, Stanley Asiegbu, aka “Stanislaus, Asiegbu”, 37, and Chukwuebuka Nweke-Eze, for their involvement in a fraud scheme that targeted multiple people across the United States.

As part of the scheme, the fraudsters set up spoofed websites impersonating registered broker-dealers that included links to the FINRA website associated with the victim brokers or fake social accounts linked to the impersonated brokers. In some cases, the fraudulent websites displayed the seal of the US Securities and Exchange Commission (SEC).

When a victim visited the fraudulent website, they were contacted by scammers who tried to convince the victim to invest money in various stocks and cryptocurrencies. According to the authorities, the defendants used voice-changing software to impersonate female broker-dealers.

The scheme is estimated to have caused at least $3 million in losses, defrauding dozens of victims. The three scammers were charged with wire fraud conspiracy, wire fraud, securities fraud conspiracy, identity theft, and aggravated identity theft. If convicted, they could face over 20 years in prison and substantial fines.

Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.