
Global Cybercrime Crackdown Takes Down Over 22K Malicious IPs And Servers

Read also: German police bust Dstat.cc DDoS platform, the alleged Snowflake hacker arrested in Canada, and more.


Thursday, November 7, 2024


Operation Synergia II dismantles more than 22,000 servers and IPs linked to cybercrime

Over 22,000 malicious IP addresses and servers linked to cyber threats have been neutralized as a result of a major law enforcement operation codenamed “Operation Synergia II,” aimed at curbing phishing, ransomware, and information-stealing malware threats.

Running from April 1 to August 31, 2024, the operation involved coordinated efforts by multiple international law enforcement agencies and targeted nearly 30,000 suspicious IP addresses across several countries. Authorities neutralized around 76% of these IP addresses and seized 59 servers directly associated with cybercriminal operations.

So far, 41 arrests have been made, with 65 other suspects currently under investigation. In Hong Kong, authorities dismantled over 1,000 malicious servers. Mongolia’s police carried out 21 searches, seized a server, and identified 93 suspects linked to cybercrime networks. In Macau, law enforcement dismantled 291 malicious servers, and Madagascar’s authorities identified 11 suspects and seized their devices for forensic analysis. Estonia's police collected over 80GB of server data, suspected to be linked to phishing and banking malware, which is now under investigation for ties to larger cybercrime operations.

In another major law enforcement operation, the Nigeria Police Force has apprehended 130 individuals, including 113 foreign nationals (mostly Chinese and Malaysian men and women) and 17 Nigerian collaborators suspected of engaging in sophisticated cybercrimes, hacking, and activities posing threats to national security.

German police bust Dstat.cc DDoS platform, arrest two suspects

German authorities have arrested two suspects, aged 19 and 28, accused of running platforms promoting DDoS (Distributed Denial of Service) attacks and distributing synthetic drugs. The operation is part of the global ‘Operation Power Off,’ targeting DDoS-as-a-service (DDoSaaS) platforms across the world.

Germany's federal criminal police (the Bundeskriminalamt, BKA) reported that the suspects were apprehended for operating two websites: an online marketplace for designer drugs and synthetic cannabinoids called ‘Flight RCS,’ and ‘Dstat.cc,’ a platform dedicated to DDoS-for-hire services. While Dstat.cc itself didn’t offer DDoS attacks directly, it served as a hub where cybercriminals could demonstrate their services, share reviews, and attract potential clients.

In a coordinated raid, seven properties located in Frankfurt am Main, Darmstadt, the Rhein-Lahn district, and the Rheinisch-Bergischer district were searched. Further seizures were carried out in France, Greece, Iceland, and the United States.

As part of the operation, law enforcement secured the IT infrastructure of criminal platforms. The collected data will be used for continued investigations into criminal vendors and users of the platforms.


An alleged hacker behind the major corporate breaches caught in Canada

Canadian law enforcement officials have apprehended Alexander ‘Connor’ Moucka, known as ‘Judische,’ ‘Waifu’ and the UNC5537 cyber threat cluster. Moucka is suspected of orchestrating a series of cyber-attacks, including a high-profile breach of the data management platform Snowflake earlier this year.

The arrest took place on October 30, 2024, under a provisional warrant requested by US authorities. At present, the specific charges against Moucka remain undisclosed.

In June 2024, Snowflake publicly confirmed a security breach that affected a “limited number” of its clients. Cybersecurity experts allege that UNC5537 exploited stolen customer credentials, often acquired through previous malware infections, to infiltrate approximately 165 organizations worldwide. Using stolen credentials, the threat actor gained unauthorized access to Snowflake accounts, exposing sensitive client data and potentially compromising data security across multiple industries.

Moucka’s arrest follows the earlier detention of his alleged accomplice, John Binns, by Turkish authorities. In a separate case, Binns admitted to breaching T-Mobile’s systems, stealing customer information, and selling it to a third party. He faces multiple charges in the United States, including hacking, money laundering, identity theft, and wire fraud.

A cryptojacker indicted in a $45,000 scheme targeting a former employer’s AWS account

A former employee of a US-based firm has been indicted on charges related to a cryptojacking scheme that allegedly caused substantial financial losses.

According to the indictment, Joshua Paul Armbrust, a Minnesota resident, is accused of illegally accessing his former employer’s Amazon Web Services (AWS) accounts to mine cryptocurrency, incurring costs exceeding $45,000.

Court documents reveal that Armbrust was previously employed at a global e-commerce and payment processing company based in Minnetonka, Minnesota. Armbrust resigned from the company in February 2020. However, between December 2020 and May 2021, he is alleged to have accessed the company’s AWS accounts multiple times without authorization to carry out a cryptojacking scheme.

Prosecutors allege Armbrust used the firm’s AWS servers to mine Ethereum, directing the cryptocurrency to a digital wallet and subsequently transferring it into two Coinbase accounts registered in his name. Court records indicate Armbrust liquidated the mined Ethereum, amounting to over $7,000, and transferred the proceeds to his Wells Fargo bank account.

US sentenced a man to over 26 years in prison for phishing

A Nigerian man was sentenced to 26 years in a US federal prison for orchestrating a complex email phishing and spoofing scheme that targeted real estate transactions, defrauding victims out of millions. Kolade Akinwale Ojelade, a 34-year-old Nigerian national residing in Leicester, the UK, was convicted of wire fraud and aggravated identity theft.

Ojelade was extradited to the United States from the United Kingdom in April 2024. After initially being indicted in February 2023, he pleaded guilty to charges of wire fraud affecting a financial institution and identity theft three months post-extradition. As a result, Ojelade was sentenced to 292 months for wire fraud and an additional 24 months for aggravated identity theft, to be served consecutively, totaling 316 months in federal prison. He is also required to pay more than $3 million in restitution.

As part of the phishing scheme, Ojelade targeted email accounts in the real estate industry, monitoring communication between prospective homebuyers, real estate companies, and title companies. He then intercepted emails, altered payment instructions, and redirected funds to accounts under his control. The scheme has caused approximately $12 million in losses.

At the conclusion of his prison term, Ojelade faces deportation to Nigeria.


Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.