Tag: cybercrime (6 articles)

Meet Atlas RAT: The Chinese Cybercrime Group Now Targeting Europe

A Chinese-speaking cybercrime group known as TA4922 has expanded its operations into Europe, targeting organisations in Germany, Italy, the UK, and South Africa using newly documented malware including the Atlas RAT backdoor. The group employs localised phishing lures mimicking payroll notices, tax filings, and government communications, and has dramatically increased its activity since March 2026, conducting more unique campaigns than any other tracked cybercrime actor. Researchers at Proofpoint note that the malware's surveillance capabilities — including keylogging, screen capture, and webcam recording — could potentially be sold to or leveraged by espionage groups.

4 Jun 2026

1.4 Million Scam Accounts Taken Down in Southeast Asia Crackdown

In a coordinated operation called "Disruption Week," law enforcement agencies including the US Department of Justice and Royal Thai Police, alongside major tech companies such as Meta, Microsoft, and Google, dismantled scam networks operating out of Southeast Asia. The effort resulted in over 1.4 million social media and Microsoft accounts being disrupted, 63 arrests, and more than $3.8 million in cryptocurrency assets frozen. The targeted scam compounds, located in Cambodia, Laos, and Burma, had been trafficking workers under false pretenses and forcing them to carry out large-scale fraud operations against victims in the US and abroad.

4 Jun 2026

Dutch Authorities Axe 17-Million-Device Botnet Tied to Russian Proxy Firm

Dutch authorities, in a joint operation between police and the National Cyber Security Center, dismantled a botnet comprising over 17 million devices managed by 200 servers, after a security researcher reported the network. The botnet has been linked to ASOCKS, a Russia-based residential proxy service reportedly used for criminal activities such as DDoS attacks, phishing, and hiding users' identities. The host infrastructure, based in the Netherlands, was seized and taken offline by the hosting provider.

4 Jun 2026

Play Ransomware Claims MyPillow Scalp — Lindell Says It's a Political Stitch-Up

The Russian-language ransomware group Play has claimed to have stolen sensitive financial and personal data from Mike Lindell's MyPillow, setting a Friday deadline for the company to make contact before publishing the data. Lindell has denied the breach, dismissing the claims as a politically motivated "hit job" related to his gubernatorial campaign. Play has targeted over 900 organisations since 2022 and is known for data theft and extortion tactics.

1 Jun 2026

Dutch Police Nab Suspect Who Repeatedly Hacked Ajax Amsterdam's IT Systems

Dutch police arrested a 35-year-old man from Buren on suspicion of repeatedly hacking into Ajax Amsterdam's computer systems in early 2026. The attacker exploited vulnerabilities in the club's IT infrastructure to access data on hundreds of individuals, modify stadium bans, and potentially manipulate over 42,000 season tickets and 300,000 fan accounts. Ajax has since patched the vulnerabilities and notified the Dutch Data Protection Authority and police.

28 May 2026

Microsoft Dismantles Shady Code-Signing Operation Fuelling Ransomware Campaigns

Microsoft has taken down a malware-signing service that threat actors were using to get ransomware and other malicious software past Windows security defences. The operation targeted a cybercriminal outfit providing a kind of laundering service for malware, giving it legitimately signed certificates so it looked trustworthy to the operating system.

21 May 2026