nationalcrimeagency.gov.uk 16 August 2025 - The National Crime Agency leads the UK's fight to cut serious and organised crime.
A cyber criminal who hacked into the websites of organisations in North America, Yemen and Israel and stole the log in details of millions of people has been jailed.

Al Tahery AL MASHRIKYAl-Tahery Al-Mashriky, 26, from Rotherham, South Yorkshire, was arrested by specialist National Crime Agency cybercrime officers in August 2022, who were acting on intelligence supplied by US law enforcement around the activities of extremist hacker groups ‘Spider Team’ and ‘Yemen Cyber Army.

NCA investigators were able to link Al-Mashriky to the Yemen Cyber Army through social media and email accounts.

Forensic analysis of his laptop and several mobile phones showed that Al-Mashriky had infiltrated a number of websites including the Yemen Ministry of Foreign Affairs, the Yemen Ministry of Security Media and an Israeli news outlet.

His offending centred around gaining unauthorised access to the websites, then creating hidden webpages containing his online monikers and messaging that furthered his religious and political ideology.

He would often target websites with low security, gaining kudos in the hacking community for the sheer number of infiltrations.

Using one of his many online aliases, Al-Mashriky claimed on one cybercrime forum that he had hacked in to over 3,000 websites during a three month period in 2022.

However, a review of his seized laptop by NCA Digital Forensic Officers revealed the extent of his cyber offending. He was in possession of personal data for over 4 million Facebook users and several documents containing usernames and passwords for services such as Netflix and Paypal, which could be used for further acts of cybercrime.

Investigators found that in February 2022, after hacking into the website for Israeli Live News he accessed admin pages and downloaded the entire website. He had also hacked into two Yemeni government websites, deploying tools to scan for usernames and vulnerabilities.

Al-Mashriky was also found to have targeted faith websites in Canada and the USA as well as the website for the California State Water Board.

The NCA, working with international law enforcement partners, was able to obtain accounts from the victims of these intrusions, who gave detailed insights into the significant cost and inconvenience he had caused.Al-Mashriky was due to stand trial at Sheffield Crown Court in March this year for 10 offences under the Computer Misuse Act.

However, on 17 March he pleaded guilty to nine offences and was sentenced to 20 months imprisonment at the same court yesterday (15 August).

Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said: “Al-Mashriky’s attacks crippled the websites targeted, causing significant disruption to their users and the organisations, just so that he could push the political and ideological views of the ‘Yemen Cyber Army’.

“He had also stolen personal data that could have enabled him to target and defraud millions of people.

“Cybercrime can often appear faceless, with the belief that perpetrators hide in the shadows and can avoid detection. However, as this investigation shows, the NCA has the technical capability to pursue and identify offenders like Al-Mashriky and bring them to justice.”

INTERPOL-coordinated operation leads to 1,209 arrests

interpol.int - LYON, France 22.08.2025 – In a sweeping INTERPOL-coordinated operation, authorities across Africa have arrested 1,209 cybercriminals targeting nearly 88,000 victims.

The crackdown recovered USD 97.4 million and dismantled 11,432 malicious infrastructures, underscoring the global reach of cybercrime and the urgent need for cross-border cooperation.

Operation Serengeti 2.0 (June to August 2025) brought together investigators from 18 African countries and the United Kingdom to tackle high-harm and high-impact cybercrimes including ransomware, online scams and business email compromise (BEC). These were all identified as prominent threats in the recent INTERPOL Africa Cyberthreat Assessment Report.

The operation was strengthened by private sector collaboration, with partners providing intelligence, guidance and training to help investigators act on intelligence and identify offenders effectively.

This intelligence was shared with participating countries ahead of the operation, providing critical information on specific threats as well as suspicious IP addresses, domains and C2 servers.

Operational highlights: From crypto mining to inheritance scams

Authorities in Angola dismantled 25 cryptocurrency mining centres, where 60 Chinese nationals were illegally validating blockchain transactions to generate cryptocurrency. The crackdown identified 45 illicit power stations which were confiscated, along with mining and IT equipment worth more than USD 37 million, now earmarked by the government to support power distribution in vulnerable areas.

Zambian authorities dismantled a large-scale online investment fraud scheme, identifying 65,000 victims who lost an estimated USD 300 million. The scammers lured victims into investing in cryptocurrency through extensive advertising campaigns promising high-yield returns. Victims were then instructed to download multiple apps to participate. Authorities arrested 15 individuals and seized key evidence including domains, mobile numbers and bank accounts. Investigations are ongoing with efforts focused on tracking down overseas collaborators.

Also in Zambia, authorities identified a scam centre and, in joint operations with the Immigration Department in Lusaka, disrupted a suspected human trafficking network. They confiscated 372 forged passports from seven countries.

Despite being one of the oldest-running internet frauds, inheritance scams continue to generate significant funds for criminal organizations. Officers in Côte d'Ivoire dismantled a transnational inheritance scam originating in Germany, arresting the primary suspect and seizing assets including electronics, jewellery, cash, vehicles and documents. With victims tricked into paying fees to claim fake inheritances, the scam caused an estimated USD 1.6 million in losses.

Valdecy Urquiza, Secretary General of INTERPOL, said:

"Each INTERPOL-coordinated operation builds on the last, deepening cooperation, increasing information sharing and developing investigative skills across member countries. With more contributions and shared expertise, the results keep growing in scale and impact. This global network is stronger than ever, delivering real outcomes and safeguarding victims."

Prior to the operation, investigators participated in a series of hands-on workshops covering open-source intelligence tools and techniques, cryptocurrency investigations and ransomware analysis. This focused training strengthened their skills and expertise, directly contributing to the effectiveness of the investigations and operational successes.

The operation also focused on prevention through a partnership with the International Cyber Offender Prevention Network (InterCOP), a consortium of law enforcement agencies from 36 countries dedicated to identifying and mitigating potential cybercriminal activity before it occurs. The InterCOP project is led by the Netherlands and aims to promote a proactive approach to tackling cybercrime.

Operation Serengeti 2.0 was held under the umbrella of the African Joint Operation against Cybercrime, funded by the United Kingdom’s Foreign, Commonwealth and Development Office.

Operational partners:
Cybercrime Atlas, Fortinet, Group-IB, Kaspersky, The Shadowserver Foundation, Team Cymru, Trend Micro, TRM Labs and Uppsala Security.

Participating countries:
Angola, Benin, Cameroon, Chad, Côte D’Ivoire, Democratic Republic of Congo, Gabon, Ghana, Kenya, Mauritius, Nigeria, Rwanda, Senegal, South Africa, Seychelles, Tanzania, United Kingdom, Zambia and Zimbabwe.

Bern, 29.07.2025 — The Office of the Attorney General of Switzerland (OAG) has been conducting criminal proceedings since 2022 in the matter of a large-scale phishing series. Fake e-banking login pages had been used to defraud numerous Swiss bank customers, resulting in losses of around CHF 2.4 million. In this context, the OAG took over about thirty cases from the cantons. The investigations conducted by the OAG and fedpol led to the identification and location of the developer and distributor of phishing kit in the UK. The case was taken over by the British authorities, who were already conducting similar proceedings against the individual involved. He was sentenced by a court in the UK on 23 July 2025 to seven years imprisonment. This success demonstrates the importance of international cooperation in the fight against cybercrime.

In July 2022, the Office of the Attorney General of Switzerland (OAG) initiated criminal proceedings against persons unknown on suspicion of computer fraud (Art. 147 para. 1 in conjunction with para. 2 Swiss Criminal Code (SCC)) in connection with an extensive phishing series. Prior to this, several cantonal public prosecutor's offices had already initiated proceedings in around 30 cases in connection with the same matter, which the OAG subsequently took over and joined in its proceedings. In August 2023, following the identification of the developer and distributor of the phishing kit, criminal proceedings were extended to this person.

Real-time phishing on a grand scale

Between May 2022 and September 2022, unknown perpetrators created and used several fake login websites (phishing pages) for various Swiss banks, using what is known as a phishing kit. Bank customers who used Google Search to access their account ended up on the phishing pages posted as adverts and fell victim to the scam when they attempted to log into their supposed e-banking accounts. As a result, their e-banking access data were intercepted unbeknown to them, enabling the perpetrators to use the stolen access data to log into the victim's e-banking accounts and enable the two-factor authentication. The victims still believed that they were on the bank's real website and authenticated the login by entering the authentication code they received by text message on the phishing page. As a result, the perpetrators gained access to their authentication codes. This enabled them to successfully log into the victims' e-banking accounts and register an additional device with the bank to confirm two-factor authentication. The perpetrators were then able to log into the victims’ e-banking accounts without any further action by the victims and initiate payments without their knowledge or consent. The damage caused to the injured parties in the Swiss criminal proceedings amounts to CHF 2.4 million.

Successful cooperation with the UK, Europol and Eurojust

The intensive investigations conducted by the OAG and fedpol resulted in the identification and localisation of a British national who had developed and distributed the phishing kit. The OAG and fedpol's subsequent close cooperation with Europol, Eurojust and UK law enforcement authorities led to the arrest and prosecution in the UK of the developer and seller of the phishing kit. As the UK authorities were already conducting similar proceedings against this person, they took over the Swiss proceedings at the OAG’s request, continuing them in the UK. The OAG subsequently discontinued its criminal proceedings. On 23 July 2025, the perpetrator was sentenced in the UK to seven years imprisonment for his offences (press release from the Crown Prosecution Service). This success demonstrates the importance and effectiveness of international cooperation in tackling the fight against the ever-increasing cybercrime.

clubic.com - L'administrateur russophone d'un des plus influents forums cybercriminels mondiaux, XSS.is, vient d'être arrêté. L'opération est le fruit d'une enquête franco-ukrainienne de longue haleine.
Les autorités ukrainiennes ont interpellé à Kiev, mardi 22 juillet, le cerveau présumé de XSS.is, une plateforme défavorablement réputée, puisque lieu incontournable de la cybercriminalité russophone. L'arrestation couronne une investigation française lancée il y a quatre ans maintenant, et qui révèle aujourd'hui l'ampleur considérable des gains amassés par l'administrateur du forum, estimés à sept millions d'euros.

XSS.is cachait 50 000 cybercriminels derrière ses serveurs chiffrés
Actif depuis 2013 tout de même, XSS.is, autrefois connu sous le nom de DaMaGeLab, constituait l'un des principaux carrefours de la cybercriminalité mondiale. La plateforme russophone rassemblait plus de 50 000 utilisateurs enregistrés, autrement dit un vrai supermarché du piratage informatique, même si beaucoup moins fréquenté que feu BreachForums, tombé en avril. Sur XSS.is, les malwares, les données personnelles et des accès à des systèmes compromis se négociaient dans l'ombre du dark web.

Le forum proposait aussi des services liés aux ransomwares, ces programmes malveillants qui bloquent les données d'un ordinateur jusqu'au paiement d'une rançon. Un serveur de messagerie chiffrée, « thesecure.biz », complétait l'arsenal en facilitant les échanges anonymes entre cybercriminels. L'infrastructure offrait ainsi un environnement sécurisé pour leurs activités illégales.

L'administrateur ne se contentait pas d'un rôle technique passif. Tel un chef d'orchestre du crime numérique, il arbitrait les disputes entre hackers et garantissait la sécurité des transactions frauduleuses. Un homme aux multiples casquettes, en somme. Toujours est-il que cette position centrale lui permettait de prélever des commissions substantielles sur chaque échange.

Une coopération internationale exemplaire, portée par la France
L'enquête préliminaire française, ouverte le 2 juillet 2021 par la section cybercriminalité du parquet de Paris, a mobilisé la Brigade de lutte contre la cybercriminalité. Les investigations ont révélé des bénéfices criminels d'au moins 7 millions d'euros, dévoilés grâce aux captations judiciaires effectuées sur les serveurs de messagerie.

Outre la France et les autorités ukrainiennes, Europol a joué un rôle déterminant dans cette opération d'envergure internationale. L'agence européenne a facilité la coordination complexe entre les autorités françaises et ukrainiennes, déployant même un bureau mobile à Kiev pour faciliter l'arrestation.

Voilà en tout cas une arrestation de plus contre les réseaux cybercriminels. Souvenez-vous, il y a quelques jours, les mêmes agences avaient déjà démantelé le groupe de hackers prorusses NoName057(16). Des succès successifs qui témoignent d'une intensification bienvenue dans la lutte contre les menaces et les hackers, alors que les cyberattaques se multiplient contre les infrastructures critiques européennes.

europol.europa.eu - Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol and Eurojust, targeted the cybercrime network NoName057(16). Law enforcement and judicial authorities from Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands and the United States took simultaneous actions against offenders and infrastructure belonging to the pro-Russian cybercrime network. The investigation was also supported by ENISA, as well as Belgium, Canada, Estonia, Denmark, Latvia, Romania and Ukraine. The private parties ShadowServer and abuse.ch also assisted in the technical part of the operation.

The actions led to the disruption of an attack-infrastructure consisting of over one hundred computer systems worldwide, while a major part of the group's central server infrastructure was taken offline. Germany issued six warrants for the arrest of offenders living in the Russian Federation. Two of these persons are accused of being the main instigators responsible for the activities of "NoName057(16)". In total, national authorities have issued seven arrest warrants, which are directed, inter alia, against six Russian nationals for their involvement in the NoName057(16) criminal activities. All of the suspects are listed as internationally wanted, and in some cases, their identities are published in media. Five profiles were also published on the EU Most Wanted website.

National authorities have reached out to several hundred of individuals believed to be supporters of the cybercrime network. The messages, shared via a popular messaging application, inform the recipient of the official measures highlighting the criminal liability they bear for their actions pursuant to national legislations. Individuals acting for NoName057(16) are mainly Russian-speaking sympathisers who use automated tools to carry out distributed denial-of-service (DDoS) attacks. Operating without formal leadership or sophisticated technical skills, they are motivated by ideology and rewards.

Four individuals in Britain were arrested early on Thursday morning by the National Crime Agency on suspicion of involvement in a range of ransomware attacks targeting the British retail sector earlier this year.

The individuals are a 20-year-old British woman from Staffordshire, a 19-year-old Latvian male from the West Midlands, a 19-year-old British man from London and a 17-year-old British male from the West Midlands.

All four are now in custody having been arrested at home, and the NCA said its officers have seized their electronic devices for forensic analysis.

The individuals are suspected of involvement in three incidents in April impacting British retailers Marks & Spencer, the Co-op and the London-based luxury store Harrods.

The NCA said the individuals are suspected of Computer Misuse Act offenses, blackmail, money laundering and participating in the activities of an organized crime group.

“Since these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the Agency’s highest priorities,” said Paul Foster, the head of the NCA’s National Cyber Crime Unit.

“Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice.

“Cyber attacks can be hugely disruptive for businesses and I’d like to thank M&S, Co-op and Harrods for their support to our investigations. Hopefully this signals to future victims the importance of seeking support and engaging with law enforcement as part of the reporting process. The NCA and policing are here to help.”

The Spanish police have arrested two individuals in the province of Las Palmas for their alleged involvement in cybercriminal activity, including data theft from the country's government.

The duo has been described as a "serious threat to national security" and focused their attacks on high-ranking state officials as well as journalists. They leaked samples of the stolen data online to build notoriety and inflate the selling price.

"The investigation began when agents detected the leakage of personal data affecting high-level institutions of the State across various mass communication channels and social networks," reads the police announcement.
"These sensitive data were directly linked to politicians, members of the central and regional governments, and media professionals."

The first suspect is believed to have specialized in data exfiltration, while the second managed the financial part by selling access to databases and credentials, and holding the cryptocurrency wallet that received the funds.

The two were arrested yesterday at their homes. During the raids, the police confiscated a large number of electronic devices that may lead to more incriminating evidence, buyers, or co-conspirators.

The AFP has played a key role in a landmark international operation targeting perpetrators of online sextortion, which resulted in the arrest of 22 suspects in Nigeria.
CORRECTION: The arrest of two Nigerian-based offenders linked to the suicide of a 16-year-old child in New South Wales in 2023 was NOT part of Operation Artemis. Those arrests occurred after Operation Artemis, when they were conducted by Nigeria’s Economic and Financial Crimes Commission to assist a NSW Police Force investigation.

The AFP has played a key role in a landmark international operation targeting perpetrators of online sextortion, which resulted in the arrest of 22 suspects in Nigeria.

Operation Artemis was a joint operation led by the US Federal Bureau of Investigation in partnership with the AFP, Royal Canadian Mounted Police, and Nigeria’s Economic and Financial Crimes Commission (EFCC). It focused on dismantling an organised criminal network allegedly responsible for a wave of online sextortion crimes which targeted thousands of teenagers globally.

The network’s scheme, which coerced victims into sharing sexually explicit images before threatening to distribute those images unless payment was made, had devastating consequences.

In the United States alone, more than 20 teenage suicides have been linked to sextortion-related cases since 2021. While many victims were based in North America, the ripple effects of the offending extended to Australia and other nations.

In the latest blow to the criminal market for distributed denial of service (DDoS)-for-hire services, Polish authorities have arrested four individuals who allegedly ran a network of platforms used to launch thousands of cyberattacks worldwide. The suspects are believed to be behind six separate stresser/booter services that enabled paying customers to flood websites and servers with malicious traffic — knocking them offline for as little as EUR 10.

The now defunct platforms – Cfxapi, Cfxsecurity, neostress, jetstress, quickdown and zapcut – are thought to have facilitated widespread attacks on schools, government services, businesses, and gaming platforms between 2022 and 2025.

The platforms offered slick interfaces that required no technical skills. Users simply entered a target IP address, selected the type and duration of attack, and paid the fee — automating attacks that could overwhelm even well-defended websites.

Global law enforcement response
The arrests in Poland were part of a coordinated international action involving law enforcement authorities in 4 countries, with Europol providing analytical and operational support throughout the investigation.

Dutch authorities have deployed fake booter sites designed to warn users seeking out DDoS-for-hire services, reinforcing the message that those who use these tools are being watched and could face prosecution. Data from booter websites, seized by Dutch law enforcement in data centres in the Netherlands, was shared with international partners, including Poland, contributing to the arrest of the four administrators.

The United States seized 9 domains associated with booter services during the coordinated week of action, continuing its broader campaign against commercialised DDoS platforms.

Germany supported the Polish-led investigation by helping identify one of the suspects and sharing critical intelligence on others.

How luxury cars, $500,000 bar tabs and a mysterious kidnapping attempt helped investigators unravel the heist of a lifetime.

In the balmy late afternoon of Aug. 25, 2024, Sushil and Radhika Chetal were house-hunting in Danbury, Conn., in an upscale neighborhood of manicured yards and heated pools. Sushil, a vice president at Morgan Stanley in New York, was in the driver’s seat of a new matte gray Lamborghini Urus, an S.U.V. with a price tag starting around $240,000. As they turned a corner, the Lamborghini was suddenly rammed from behind by a white Honda Civic. At the same time, a white Ram ProMaster work van cut in front, trapping the Chetals. According to a criminal complaint filed after the incident, a group of six men dressed in black and wearing masks emerged from their vehicles and forced the Chetals from their car, dragging them toward the van’s open side door.
After the August 2024 crypto heist, ZachXBT was able to track Lam through what’s called OSINT — open-source intelligence. In other words, social media. In Com chat groups, word was spreading that Lam was on a wild spending spree. Nobody seemed to know the source of his money, but they spoke of his lavish exploits at Los Angeles nightclubs. ZachXBT researched the most popular nightclubs in the city and then searched Instagram stories from partyers and the clubs themselves. In one post, Malone was filmed wearing a white Moncler jacket and what appeared to be diamond rings and diamond-encrusted sunglasses. He stood up on the table and began showering the crowd with hundred-dollar bills. As money rained down, servers paraded in $1,500 bottles of Champagne topped with sparklers and held up signs that read “@Malone.” He spent $569,528 in one evening alone. At one nightclub, Lam and his crew trolled ZachXBT, getting clubgoers to hold up signs reading “TOLD U WE’D WIN,” while another read, “[Expletive] ZACHXBT.”

Between Sunday 14 April and Wednesday 17 April a total of 70 addresses were searched across the world, resulting in the arrest of 37 suspects. This includes the arrest of 4 individuals in the United Kingdom linked to the running of the site, including the original developer of the service.The LabHost platform, previously available on the open web, has been...

A 20-year-old man believed to be a member of the cybercrime ring known as Scattered Spider has pleaded guilty to charges brought against him in Florida and California.

Noah Urban of Palm Coast, Florida, was arrested in January 2024 and charges against him were unsealed by US authorities in November 2024, when four others believed to be members of Scattered Spider were named.

Kidflix, one of the largest paedophile platforms in the world, has been shut down in an international operation against child sexual exploitation. The investigation was supported by Europol and led by the State Criminal Police of Bavaria (Bayerisches Landeskriminalamt) and the Bavarian Central Office for the Prosecution of Cybercrime (ZCB). Over 35 countries worldwide participated in the operation. almost 1 400 suspects worldwide. So far, 79 of these individuals have been arrested...

This follows a series of high-impact arrests targeting Phobos ransomware:An administrator of Phobos was arrested in South Korea in June 2024 and extradited to the United States in November of the same year. He is now facing prosecution for orchestrating ransomware attacks that encrypted critical infrastructure, business systems, and personal data for ransom.A key Phobos affiliate was arrested in Italy...

Thai police arrested four European hackers in Phuket who allegedly stole $16 million through ransomware attacks affecting over 1,000 victims worldwide. The suspects, wanted by Swiss and US authorities, were caught in coordinated raids across four locations.

Officers from Cyber Crime Investigation Bureau, led by Police Lieutenant General Trairong Phiwphan, conducted “Operation PHOBOS AETOR” in Phuket on February 10, arresting four foreign hackers involved in ransomware attacks. The operation, coordinated with Immigration Police and Region 8 Police, raided four locations across Phuket....

Four alleged European hackers have been arrested in Phuket for deploying ransomware on the networks of 17 Swiss firms. The suspects are accused of causing significant damage and stealing $16 million in Bitcoins from 1,000 global victims.

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by…

Il n’aurait jamais dû faire ce footing dans la capitale. Explications.

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta,…

Quatre Américains et un Britannique sont désormais poursuivis pour leur implication dans ce groupe, accusé notamment d’avoir piraté les casinos MGM Resorts. Spécialisé dans l’hameçonnage, ce collectif pourrait être l’émanation d’une vaste communauté de pirates anglophones.