Masterminds Behind Blender.io And Sinbad.io Crypto Mixers Charged

Thursday, January 16, 2025

Operators behind Blender.io and Sinbad.io crypto mixers charged in the US

US authorities have charged Roman Ostapenko, Alexander Oleynik, and Anton Tarasov for their roles in operating the cryptocurrency mixers Blender.io and Sinbad.io, which were allegedly used by criminals to launder money obtained through theft, ransomware, and other illicit activities.

Blender.io, active from 2018 to 2022, allowed users to hide their cryptocurrency transactions for a fee, ensuring anonymity by deleting transaction records. Sinbad.io, which replaced Blender.io, was shut down in late 2023 following a coordinated law enforcement effort.

Both services were sanctioned by the US Department of the Treasury's Office of Foreign Assets Control (OFAC) for their involvement in money laundering, including links to North Korean hacking groups. Blender.io was sanctioned in May 2022 for its ties to the DPRK, which used it to launder stolen funds, and was also utilized by ransomware groups. Sinbad.io, which operated briefly, was similarly sanctioned in November 2023.

Ostapenko, 55, of Russia, faces conspiracy and unlicensed money transmitting charges. Oleynik, 44, also from Russia, and Tarasov, 32, are charged with conspiracy and operating an unlicensed money transmitting business. Ostapenko and Oleynik were arrested in December 2024, but Tarasov remains at large.

A global law enforcement op wipes Chinese PlugX malware from thousands of computers

The US Department of Justice (DOJ) and Federal Bureau of Investigation (FBI), in collaboration with international law enforcement and cybersecurity experts, conducted a multi-month operation to dismantle a Chinese state-sponsored hacking group’s malware campaign.

The group, known as Mustang Panda or Twill Typhoon, used a customized version of PlugX malware to infiltrate and control victim computers, stealing sensitive data and conducting surveillance.

Funded by the Chinese government, the group’s operations, which began in 2014, targeted government agencies, businesses, and Chinese dissident groups across the US, Europe, and Asia.

The police operation, authorized by court warrants and coordinated with French law enforcement, removed the malware from over 4,000 US-based computers by January 3, 2025. This effort was part of a larger international operation aimed at disrupting the group’s cyber espionage activities.

Ukrainian police dismantle an international fraud network targeting European citizens

Ukrainian cyber police neutralized a criminal group that defrauded citizens from several European countries through phishing schemes on a popular social media platform. The group is accused of stealing savings from residents of Finland, Denmark, Norway, Hungary, and other nations by tricking them into entering their financial details on fake websites.

The group’s operations spanned multiple European countries, causing at least 60,000 euros in losses. Members of the group played specific roles in the operation. So-called "coders" were responsible for creating phishing websites and automating the registration process of fake accounts. They also took steps to protect the anonymity of their partners in the illegal activity. Meanwhile, the "workers" interacted with victims by posing as fake sellers, manipulating them into clicking on phishing links and entering their financial information on fraudulent sites.

Once victims entered their payment details, a third group gained access to their accounts, transferring funds to bank cards controlled by the criminals or converting the stolen money into cryptocurrency with the help of the "coders."

During the searches, authorities seized computers, mobile phones, bank cards, and handwritten notes. Ukrainian authorities, in coordination with the Department of International Police Cooperation, are working with Danish, Finnish, and European law enforcement agencies, including Europol, to identify international accomplices of the suspects. Efforts are also underway to determine the full scope of the victims and the total financial damages caused by the fraud.

Microsoft sues 10 people in a hacking-as-a-service scheme targeting Azure OpenAI services

Microsoft has filed a lawsuit against 10 individuals accused of being involved in a sophisticated hacking-as-a-service operation that exploited the company’s generative artificial intelligence (AI) services to create and distribute harmful content.

The lawsuit targets the 10 individuals with allegations of computer fraud, identity theft, and violations of Microsoft’s terms of service. The company is seeking both criminal and civil penalties against the defendants.

The tech giant alleges that the group used compromised Azure OpenAI services to bypass security protocols, violating Microsoft's terms of use and generating offensive and malicious material between July and August 2024. The threat group is believed to have developed software that leveraged exposed customer credentials scraped from publicly available websites to gain unauthorized access to Microsoft's generative AI platforms.

The individuals are said to have monetized their access to Microsoft’s AI services by selling the generated content to other malicious actors on the Dark Web. The company has obtained a temporary restraining order, allowing it to seize the malicious domain used by the perpetrators. The domain’s traffic has been redirected to a Microsoft sinkhole.

Former Disney employee fesses up to hacking menu system and altering allergy info

Michael Scheuer, a former Disney employee, pleaded guilty to hacking the company's computer network to modify food menus at Disney parks. He admitted to tampering with allergen information, such as falsely indicating certain items were safe for individuals with peanut allergies, potentially putting guests at risk.

The hack also included altering wine regions to locations associated with mass shootings, adding a swastika, profanity, and changing fonts. Scheuer was charged with causing damage to a protected computer and aggravated identity theft. As part of the plea agreement, he will pay restitution to Disney, a government-imposed fine, and forfeit a computer used in the hack.

In other news, Alexandru Ionut Gheorghe, 28, and Marian Aurelian Neacsu, 29, both from Romania, pleaded guilty in a US court to possessing device-making equipment, specifically skimming devices, which they used to steal bank card data.

In June and July 2024, they were caught on surveillance placing skimmers on point-of-sale machines in stores across the Southern District of Mississippi. The devices recorded bank card information, including PINs, and were used to steal over $80,000 in SNAP benefits. Gheorghe and Neacsu face up to 15 years in prison, with sentencing set for April 15, 2025.
