- \n
- Strike Force: America\u2019s answer to Southeast Asian crypto scams.<\/li>\n
- Police took down more than 1,000 malware servers.<\/li>\n
- A leak exposed China\u2019s global cyber-espionage methods.<\/li>\n
- The FBI sought to unmask the owner of Archive.is.<\/li>\n<\/ul>\n<\/div>\n
Strike Force: a response to Southeast Asian crypto fraud<\/h2>\n
On 12 November, US authorities announced the creation of the Scam Center Strike Force to combat crypto investment fraud originating in Southeast Asia, according to a Department of Justice press release<\/a>.<\/p>\n
Alongside the department, the FBI, the Secret Service and other agencies are involved. The Strike Force is focused on key leaders, including members of Chinese groups operating in Cambodia, Laos and Myanmar. US companies were invited to help block the infrastructure used by criminals.<\/p>\n
According to law enforcement, Chinese syndicates contact Americans via social networks and SMS, build trust and persuade them to invest in cryptocurrency. Victims then transfer funds to fake investment sites hosted on US servers. The criminals quickly launder the money and move it out of the United States.<\/p>\n
Many operators in Southeast Asia are themselves victims of human traffickers and work under the control of armed groups. In Cambodia and Laos, revenues from these schemes amount to nearly half of GDP. Losses to Americans exceed $10 billion a year, according to the Department of Justice.<\/p>\n
The press release cites early results:<\/p>\n
- \n
- seizures of $401.6 million in cryptocurrency, with forfeiture complaints for a further $80 million;<\/li>\n
- operations in Myanmar against several centres, including Tai Chang, and initiated seizures of Starlink satellite terminals;<\/li>\n
- the DKBA insurgent group and related structures added to the sanctions list;<\/li>\n
- 38 suspects arrested in Bali over fraud against more than 150 Americans;<\/li>\n
- FBI agents sent to Thailand to join the international War Room Task Force campaign against scam camps, including the major KK Park hub.<\/li>\n<\/ul>\n
Law enforcement took down more than 1,000 malware servers\u00a0<\/h2>\n
Law-enforcement agencies in nine countries, together with Europol and Eurojust, conducted<\/a> another phase of Operation Endgame against major cyber threats.<\/p>\n
Between 10 and 14 November, authorities dismantled 1,025 servers linked to campaigns using the Rhadamanthys infostealer, VenomRAT and the Elysium botnet. They seized 20 domains and carried out searches in Germany, Greece and the Netherlands.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-29a1e3421d697011-9529887298288876-1024x496.png\")
Rhadamanthys group\u2019s Tor site seized. Source: Bleeping Computer<\/a>.<\/figcaption><\/figure>\n The malware infrastructure comprised hundreds of thousands of infected computers containing several million stolen accounts. Many victims were unaware their systems had been attacked.<\/p>\n
The operation was supported by private-sector players including Cryptolaemus, Shadowserver, Proofpoint, CrowdStrike, Lumen, Abuse.ch, HaveIBeenPwned and others.<\/p>\n
During this phase, a key suspect linked to the VenomRAT remote-access trojan was arrested. Investigators say he had access to more than 100,000 victims\u2019 crypto wallets, with assets potentially worth millions of euros.<\/p>\n
Leak exposes China\u2019s global cyber-espionage methods<\/h2>\n
A massive data leak at Chinese firm Knownsec exposed the infrastructure of Beijing\u2019s global cyber-espionage network, says a post on Mrxn\u2019s Blog<\/a>. Experts called the incident one of the most significant leaks in the history of state-sponsored hacking.<\/p>\n
More than 12,000 confidential files that surfaced on GitHub show how closely commercial contractors such as Knownsec are tied to China\u2019s intelligence apparatus. Among the clients of the firm, which is supported by tech giant Tencent, are government agencies, banks and operators of critical infrastructure.<\/p>\n
According to researchers, the leak describes a broad toolkit of attack instruments, including remote-access trojans for all popular operating systems that collect messages, contacts and users\u2019 geolocation. Hardware implants were also identified, such as a modified power\u2011bank charger capable of covertly extracting data from connected devices.<\/p>\n
Knownsec\u2019s internal documents point to the scale of stolen data:<\/p>\n
- \n
- 95 GB of data from India\u2019s immigration service;<\/li>\n
- 3 TB of data from South Korean telecom operators;<\/li>\n
- 459 GB of Taiwan\u2019s road\u2011infrastructure plans;<\/li>\n
- materials from more than 20 countries, including the United Kingdom, Japan and Nigeria.<\/li>\n<\/ul>\n
Beijing declined to acknowledge the incident, stating only that it \u201copposes all forms of cyberattacks\u201d.<\/p>\n
Richard Blech, head of software firm XSOC CORP, told Resilience Media<\/a> that the leak reveals a new Chinese doctrine\u2014shifting from direct intrusion to AI analysis of encrypted data.<\/p>\n
\n
\u201cThis is cognitive warfare \u2014 not breaking into systems, but training models that understand systems, even if the data are encrypted,\u201d<\/em> he said.<\/p>\n<\/blockquote>\n
He warned that such AI systems can predict an adversary\u2019s actions from metadata and telemetry, making traditional defenses less effective.<\/p>\n
FBI seeks to unmask the owner of Archive.is<\/h2>\n
The FBI sent a court order<\/a> to Canadian domain registrar Tucows demanding the identity of the owner of the web\u2011archiving service Archive.today and its mirrors, including Archive.is.\u00a0<\/p>\n
The document states that the requested information \u201cpertains to a federal criminal investigation being conducted by the FBI\u201d, but gives no details.<\/p>\n
The identity and location of Archive.is\u2019s owner have remained unknown since the project launched in 2012. He may be a Prague resident using the pseudonym Denis Petrov.<\/p>\n
Also on ForkLog:<\/p>\n
- \n
- A new jailbreak bypassed<\/a> AI safeguards in 99% of cases.<\/li>\n
- Hackers used<\/a> Australia\u2019s cyber-police service to steal cryptocurrency.<\/li>\n
- Hyperliquid suspended<\/a> deposits and withdrawals over memecoin manipulation.<\/li>\n
- China accused<\/a> the US of stealing more than 127,000 BTC.<\/li>\n
- A US court dismissed the case<\/a> against the brothers who attacked MEV bots.<\/li>\n<\/ul>\n
What to read this weekend?<\/h2>\n
How the longest shutdown in US history created a hole in federal cybersecurity\u2014read the new ForkLog feature.<\/p>\n","protected":false},"excerpt":{"rendered":"
A roundup of the week\u2019s most important cybersecurity news.<\/p>\n","protected":false},"author":1,"featured_media":91061,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"This week\u2019s key cybersecurity developments.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-91060","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"207","promo_type":"1","layout_type":"1","short_excerpt":"This week\u2019s key cybersecurity developments.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/91060","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=91060"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/91060\/revisions"}],"predecessor-version":[{"id":91062,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/91060\/revisions\/91062"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/91061"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=91060"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=91060"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=91060"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Hackers used<\/a> Australia\u2019s cyber-police service to steal cryptocurrency.<\/li>\n
- A new jailbreak bypassed<\/a> AI safeguards in 99% of cases.<\/li>\n