
Romania arrests 13 in phishing scam targeting British tax office

Thirteen individuals have been arrested in Romania following phishing attacks targeting the UK’s tax authority, HM Revenue & Customs (HMRC). The suspects are believed to have used stolen data to fraudulently claim millions of pounds in tax payments, HMRC announced on Thursday.

The arrests involved a coordinated effort with over 100 Romanian police officers, focusing on the southern counties of Ilfov, Giurgiu, and Calarasi. During the raids, authorities seized cash and luxury vehicles. The arrested individuals, aged between 23 and 53, face charges including computer fraud, money laundering, and illegal access to computer systems.

Additionally, a 38-year-old man was arrested in Preston, northwest England, on the same day. These actions follow HMRC’s disclosure last month that a criminal gang had stolen approximately £47 million ($63.7 million) by accessing over 100,000 customer accounts through phishing schemes and submitting false payment claims to the government.

HMRC emphasized that the fraud targeted the tax office rather than individual customers, though around 100,000 people were notified as a precaution. Criminal groups allegedly used the stolen data to file fraudulent claims for income tax, value-added tax (VAT), and child benefit repayments.

Simon Grunwell, operational lead of HMRC’s Fraud Investigation Service, said the agency has already taken steps to protect affected customers after detecting attempts to access a small portion of tax accounts.

Earlier, in November, two men were arrested in Bucharest as part of related cybercrime and fraud investigations linked to these phishing activities.

Telegram Blocks Two Massive Black Market Services Linked to Cybercrime and Money Laundering

Telegram has shut down two major digital black markets, Xinbi Guarantee and Huione Guarantee, which collectively facilitated over $35 billion in transactions since 2021, according to blockchain analytics firm Elliptic. The services, which primarily operated in Chinese and were known hubs for cybercriminals and fraud networks, appeared inactive as of Thursday.

In a statement to Reuters, Telegram confirmed the takedowns, saying:

“Criminal activities like scamming or money laundering are forbidden by Telegram’s terms of service and are always removed whenever discovered.”

Massive Fraud Ecosystems Dismantled:

  • Xinbi Guarantee and Huione Guarantee far surpassed older dark web markets such as Silk Road, which was infamous for illegal drug distribution.

  • The platforms served as critical infrastructure for illicit services, including:

    • Stolen data trading

    • Money laundering

    • Fraudulent telecom operations

Elliptic hailed the shutdown as a major win in the fight against online fraud, calling it a “big blow for online fraudsters.”

Ties to Broader Cybercrime Networks:

  • Huione Guarantee, which once operated under the name Haowang Guarantee, is a subsidiary of Cambodia-based Huione Group, also linked to Huione Pay and Huione Crypto.

  • U.S. officials allege these entities were used by state-sponsored hacking groups, including North Korea’s Lazarus Group, which funneled more than $150,000 in cryptocurrency through Huione Pay.

Earlier this month, the U.S. Treasury Department sanctioned the Huione Group, describing it as the “marketplace of choice for malicious cyber actors,” effectively cutting it off from the U.S. financial system.

Platform Reaction and Future Concerns:

  • In a statement posted to its website, Huione Guarantee confirmed that it had been blocked by Telegram on Tuesday and would “cease operations from now on.”

  • Attempts to reach Xinbi Guarantee or Huione Group for comment were unsuccessful.

While Telegram’s move highlights growing efforts by tech platforms to combat illegal activity, analysts warn that such services may resurface under new identities unless systemic enforcement and financial sanctions continue to evolve alongside cybercrime techniques.

U.S. Lifts Sanctions on Tornado Cash Amid Legal Challenges

The U.S. Treasury Department announced on Friday that it has lifted sanctions on Tornado Cash, a cryptocurrency “mixer” accused of facilitating the laundering of more than $7 billion, including funds stolen by North Korean hackers. The decision follows legal challenges from six Tornado Cash users, who filed a lawsuit against the sanctions, supported by cryptocurrency exchange Coinbase.

In 2022, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) blacklisted Tornado Cash, claiming the firm had been involved in laundering cybercrime proceeds, including $455 million stolen by the Lazarus Group, a North Korean-backed hacking organization. Tornado Cash is designed to obfuscate the origins and recipients of cryptocurrency transactions, making it a popular tool for illicit activities.

Despite the sanctions being lifted, the Treasury reaffirmed its concerns over North Korea’s state-sponsored cyber activities, particularly its use of stolen digital assets to fund government operations. Treasury Secretary Scott Bessent emphasized the importance of protecting the digital asset industry from misuse by North Korea and other malicious actors.

The decision to lift the sanctions comes after a U.S. appeals court ruled in November that OFAC had overreached in its application of the sanctions. The Treasury indicated that the repeal followed a review of legal and policy issues, particularly in light of evolving technology and legal environments.

In 2023, two co-founders of Tornado Cash were charged with facilitating over $1 billion in money laundering, including laundering for the Lazarus Group. One of the co-founders, Roman Storm, is awaiting trial and has denied any wrongdoing. Additionally, Tornado Cash developer Alexey Pertsev was sentenced to five years and four months in prison in the Netherlands for his involvement in money laundering activities.