Ransomware hits a Japanese brewer, an Odesa crypto gang and other cybersecurity news

A roundup of the week’s key cybersecurity news.

A roundup of the week’s key cybersecurity news.

Chinese national convicted of fraud in London

A UK court found Chinese national Zhimin Qian guilty of cryptocurrency fraud, The Guardian reported. 

According to police, the 45-year-old organised a criminal scheme in China between 2014 and 2017, with around 128,000 victims.

With the proceeds, Qian bought 61,000 BTC and left China in 2017 using a forged passport. A year later she tried to launder the money through property purchases with the help of a 43-year-old Chinese takeaway worker, Jiang Wen. For her role in the scheme, Wen was sentenced in May 2024 to six years and eight months in prison.

Police say it is among the largest money-laundering cases in British history.  

Kazakhstan exchanger suspected of laundering for cybercriminals and drug traffickers

Following an on-chain investigation, Kazakhstan’s Financial Monitoring Agency (AFM) shut down the RAKS exchange service. 

Law enforcement said the company provided “professional money-laundering services” for proceeds of cybercrime and drug trafficking. The service enjoyed a strong reputation in criminal circles and collaborated with 20 of the largest darknet marketplaces, with a combined audience of more than 5m users. 

According to AFM, over the past three years more than 200 drug shops in CIS countries — Kazakhstan, Russia, Ukraine and Moldova — laundered criminal proceeds via RAKS exchange. Turnover exceeded $224m. 

Investigators analysed over 4,000 crypto wallets. Sixty-seven addresses holding assets worth 9.7m USDT were blocked.

Odesa crypto gang pitched fake investments

On 3 October Ukraine’s Cyber Police reported the exposure of an international criminal group in Odesa.

The suspects created the false impression of a profitable business and attracted investors, whose funds were moved to crypto wallets and spent.

According to law enforcement, the group created fake websites of non-existent companies, periodically changing their names for cover. The sites carried false information about supposed business in ad-traffic arbitrage and cryptocurrencies.

Potential investors were offered personal accounts where they could choose an investment plan, top up balances and “receive dividends”. In reality, funds were immediately pooled into crypto wallets controlled by the fraudsters. Once they hit their targets, they cut contact with victims.

Investigators say the “business” was organised by a 28-year-old Odesa resident. The group worked remotely and from specially equipped offices.

Between 2024 and 2025, more than 24m hryvnia flowed into the criminals’ crypto wallet. Eight members were detained; one more was put on a wanted list.

Preliminary data suggest the number of victims, including foreigners, may exceed 1,500. The damage is estimated at $92,000.

ZachXBT flagged a possible $21m miner hack

On 1 October the on-chain sleuth ZachXBT drew attention to suspicious activity on addresses linked to the SBI Crypto mining pool.

He said that on 24 September 2025, more than $21m in bitcoin, Ethereum, Litecoin, Dogecoin and Bitcoin Cash was withdrawn from addresses of a subsidiary of Japan’s SBI Holdings. The funds were first sent to addresses of five instant-swap services, then routed through the Tornado Cash crypto mixer.

In his view, some patterns echo attacks attributed to North Korean hacking groups.

Ransomware hit a Japanese brewer

On 29 September Asahi Group Holdings, Japan’s largest beer supplier, announced a system outage. An investigation found the company’s servers were targeted by ransomware.

Asahi controls roughly a third of Japan’s domestic market and employs around 30,000 people.

“Although system processes for order processing and shipping remain suspended, ensuring the supply of products to customers has been our top priority, and we have begun partial manual processing of orders and shipments”, the latest 3 October message said.

Management is preparing to partially resume call centres, including customer support, from 6 October. At the time of writing, no hacking group had claimed responsibility.

Google rolls out encrypted emails in Gmail

Since 2 October, corporate Gmail users can send end-to-end encrypted emails to people using any mail service or platform, Google said on 2 October.

To send a private email, Gmail users need to enable the “Additional encryption” option when composing a message. This guarantees automatic decoding if the recipient is a Google Workspace subscriber.

If the recipient does not use Gmail, they will receive a link to sign in and view the email in a limited version. After following it, they can read and reply to the encrypted message using a guest Google Workspace account.

Also on ForkLog:

• Losses to the crypto industry from hacks fell 37% in Q3.
• An investor reported $100,000 frozen on HitBTC.
• The Pendle team denied reports of a breach.
• OKX froze an account with $400,000 over missing logs from 2020.
• Vitalik Buterin criticised the EU’s chat-control bill.

What to read this weekend?

Given the growing problem of filtering AI-generated content and deepfakes, the widespread adoption of digital identity looks only a matter of time. ForkLog has spotted the first signs of a possible synergy between ChatGPT and the World project.