Read also: hacker indicted for involvement in CARR and NoName057(16) attacks on critical infrastructure, man sentenced for helping North Koreans illegally get US tech jobs, and more.

Views: 4.2k Read Time: 3 min.

Teen Arrested For The Internet Café Operator Hack

A teen arrested over alleged cyber-attack on internet café operator

Japanese police have arrested a 17-year-old Osaka high school student suspected of using AI tools in a large-scale cyber-attack that compromised the personal data of millions of customers of Kaikatsu Frontier, the company behind the Kaikatsu Club chain of internet cafés and fitness gyms.

Investigators allege the boy accessed Kaikatsu Frontier’s servers using a custom tool to extract data from the company’s official app. The alleged breach forced the operator to suspend parts of its service. Police believe the intrusion resulted in the theft of information belonging to nearly 7.3 million customers.

According to media reports, the teen allegedly used AI tools to create malware and asked chatbots how to troubleshoot error messages and bypass security features. The police say the teen is well-known in the cybercrime community and had reportedly discussed his plans during livestreams on Discord.

He was arrested following an earlier investigation into a group of teenagers accused of illegally accessing Rakuten Mobile systems, which led police to the suspect.

In a separate case, Tokyo police arrested two Chinese nationals accused of hacking securities accounts and conducting unauthorized trades to manipulate stock prices. Investigators linked them to phishing-based breaches affecting accounts across ten Japanese prefectures. Nearly 3,600 people reported related incidents over the past year.

A hacker indicted for involvement in CARR and NoName057(16) attacks on critical infrastructure

A 33-year-old Ukrainian citizen, Victoria Eduardovna Dubranova, also known as “Vika,” “Tory,” and “SovaSonya,” has been indicted in the United States on allegations that she supported two pro-Russia hacktivist groups linked to destructive cyber-attacks across the globe.

According to US prosecutors, Dubranova allegedly assisted in numerous intrusions aimed at critical infrastructure, including American water utilities, election systems, and industrial control networks, acting on behalf of CyberArmyofRussia_Reborn (CARR) and NoName057(16).

Dubranova pleaded not guilty in both cases. Her trials are set for February 3, 2026 (NoName) and April 7, 2026 (CARR). According to the indictments, the Russian government supported both groups financially.

CARR used the funding to buy cybercriminal services, including DDoS-for-hire subscriptions. NoName operated as a state-sanctioned project run partly by a government-created IT organization, which helped develop its custom DDoS program. The US Department of State is also offering rewards of up to $2 million for information on individuals linked to CARR and up to $10 million for those connected to NoName.

A man sentenced for helping North Koreans illegally get US tech jobs

A 40-year-old man, Minh Phuong Ngoc Vong, was sentenced to 15 months in US prison and three years of supervised release for helping North Korean nationals fraudulently obtain US tech jobs using his identity. From 2021 to 2024, Vong let North Korean workers pose as him to secure software developer roles at 13 US companies, including those with government contracts, earning over $970,000 in salary that was actually for work performed overseas.

Vong installed remote-access software on his work laptop, allowing North Korean workers in China to perform his duties between March and July 2023. He received about $28,000 and passed it on to the operatives.

Vong admitted he helped infiltrate multiple companies and communicated mainly with a foreign national in Shenyang, China, a known hub of North Korean IT operations. The US Treasury recently sanctioned two Shenyang-based companies for supporting North Korean tech workers and laundering illicit earnings.

Vong’s case is the latest in a growing crackdown under the Justice Department’s DPRK RevGen: Domestic Enabler Initiative, which targets US-based coordinators of North Korean IT schemes. Another US national, Kejia Wang, was charged for assisting similar operations, and an Arizona woman, Christina Chapman, was sentenced to more than eight years in prison for running a laptop farm that generated $17 million for the North Korean government.

Russian police dismantle malware gang behind millions in NFC-based bank thefts

Russian police announced they have dismantled a criminal group that stole millions of rubles from bank customers using malware built on NFCGate, an open-source tool increasingly exploited by cybercriminals.

NFCGate is a popular tool used for financial theft. Earlier this year, a modified NFCGate strain dubbed “SuperCard” was observed targeting Russia and Italy.

According to officials, several suspects, including the developer and main administrator, were detained last week. The scheme enabled remote thefts “across nearly all of Russia,” causing more than 200 million rubles (about $2.6 million) in losses.

The malware was distributed via WhatsApp and Telegram and disguised as legitimate banking apps. Victims were contacted by phone and persuaded to install the fake app, then instructed to hold their bank card to their phone and enter their PIN. This allowed attackers to harvest card data and withdraw cash from ATMs nationwide. The police are working to identify additional members of the network.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

A malware developer arrested in Ukraine

Ukrainian police have apprehended a 22-year-old man accused of developing malware used to break into social media accounts, primarily targeting users across the US and Europe.

According to investigators, he sold the compromised accounts on an underground forum, where he eventually became an “arbitrator.” He was responsible for resolving disputes between forum users, particularly those involving transactions related to buying and selling services and digital goods.

Authorities also say he operated a large bot farm of more than 5,000 fake profiles, which he used to artificially boost follower numbers for clients involved in covert online schemes.

Cyber police tracked him down, confiscated his equipment, and collected digital evidence. The suspect is now facing several cybercrime-related charges that could carry a sentence of up to 15 years. He has been placed under round-the-clock house arrest as the investigation continues.

In the meantime, Spanish police have detained a 19-year-old accused of hacking and selling data belonging to nine companies. Authorities say he stole over 64 million records and sold them on various hacking forums using five different aliases.