This week, worldwide cybersecurity law enforcement took action against headline-making cybercriminals and state-sponsored threat actors.
Italian authorities detained a person for allegedly working as a contractor for China’s Ministry of State Security. He’s charged with stealing COVID-19 research and exploiting Microsoft Exchange Server vulnerabilities.
British police arrested four members of the Scattered Spider hacking group who allegedly partnered with the DragonForce ransomware group to conduct cyberattacks against major retailers.
Also this week, while not the direct result of a law enforcement takedown, two ransomware groups announced plans to shutter operations.
Read more about the week’s takedowns and shutdowns.
U.K. authorities arrest suspects linked to Scattered Spider cyberattacks
The U.K.’s National Crime Agency arrested four individuals — two 19-year-old males, one 17-year-old male and a 20-year-old female — in connection with cyberattacks against retailers Marks & Spencer, Co-op and Harrods. Security experts believe the suspects are linked to Scattered Spider, the cybercrime collective previously responsible for attacks on MGM Resorts and Caesars Entertainment.
The suspects were apprehended in West Midlands and London on charges including Computer Misuse Act offenses, blackmail and money laundering.
Read the full story by Alexander Culafi on Dark Reading.
Chinese hacker arrested for COVID-19 research theft, Exchange attacks
Italian authorities and the FBI arrested Xu Zewei, a 33-year-old Chinese national allegedly involved in the Hafnium hacking group’s operations. Xu was charged with stealing COVID-19 research from American scientists and exploiting Microsoft Exchange Server vulnerabilities in 2020 and 2021, activities prosecutors claimed were directed by China’s Ministry of State Security.
Arrested in Milan on July 3, Xu allegedly worked at Shanghai Powerock Network Co. Ltd., which prosecutors described as an “enabling” company for state-sponsored hacking. A second suspect, Zhang Yu, remains at large.
SatanLock announces sudden shutdown
SatanLock, a ransomware group that emerged in April, announced its shutdown on Telegram and its dark web leak site. The group removed all victim listings, leaving only a message that said, “SatanLock project will be shut down — The files will all be leaked today.”
Despite its brief existence, SatanLock compromised 67 organizations within weeks of appearing.
Hunters International shuts down, transitions to data theft operation
Hunters International, a ransomware group operating since 2023 as a Hive ransomware rebrand, announced its shutdown and said it will release free decryptors for all victims.
After targeting more than 300 organizations using SharpRhino malware for initial access, the group has removed victim names from its leak site and posted a goodwill message offering free decryption software.
Research indicated the closure is part of a planned transition, with the group rebranding itself as “World Leaks,” an extortion-only operation that started in early 2025.
Read the full story by Kristina Beek on Dark Reading.
Editor’s note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Sharon Shea is executive editor of Informa TechTarget’s SearchSecurity site.