
This week, worldwide cybersecurity law enforcement took action against headline-making cybercriminals and state-sponsored threat actors.
Italian authorities detained a man for allegedly working as a contractor for China’s Ministry of State Security. He is charged with stealing COVID-19 research and exploiting Microsoft Exchange Server vulnerabilities.
British police arrested four members of the Scattered Spider hacking group who allegedly partnered with the DragonForce ransomware group to conduct cyberattacks against major retailers.
Also this week, while not the direct result of a law enforcement takedown, two ransomware groups announced plans to shutter operations.
Read more about the week’s takedowns and shutdowns.
U.K. authorities arrest suspects linked to Scattered Spider cyberattacks
The U.K.’s National Crime Agency arrested four individuals — two 19-year-old males, one 17-year-old male and a 20-year-old female — in connection with cyberattacks against retailers Marks & Spencer, Co-op and Harrods. Security experts believe the suspects are linked to Scattered Spider, the cybercrime collective previously responsible for attacks on MGM Resorts and Caesars Entertainment.
The suspects were apprehended in West Midlands and London on charges including Computer Misuse Act offenses, blackmail and money laundering.
Read the full story by Alexander Culafi on Dark Reading.
Chinese hacker arrested for COVID-19 research theft, Exchange attacks
Italian authorities and the FBI arrested Xu Zewei, a 33-year-old Chinese national allegedly involved in the Hafnium hacking group’s operations. Xu was charged with stealing COVID-19 research from American scientists and exploiting Microsoft Exchange Server vulnerabilities in 2020 and 2021, actions prosecutors claimed were directed by China’s Ministry of State Security.
Arrested in Milan on July 3, Xu allegedly worked at Shanghai Powerock Network Co. Ltd., which prosecutors described as an “enabling” company for state-sponsored hacking. A second suspect, Zhang Yu, remains at large.
SatanLock announces sudden shutdown
SatanLock, a ransomware group that emerged in April, announced its shutdown on Telegram and its dark web leak site. The group removed all victim listings, leaving only a message that said, “SatanLock project will be shut down — The files will all be leaked today.”
Despite its brief existence, SatanLock compromised 67 organizations within weeks of appearing.
Hunters International shuts down, transitions to data theft operation
Hunters International, a ransomware group operating since 2023 as a Hive ransomware rebrand, announced its shutdown and said it will release free decryptors for all victims.
After targeting more than 300 organizations using SharpRhino malware for initial access, the group has removed victim names from its leak site and posted a goodwill message offering free decryption software.
Research indicated the closure is part of a planned transition, with the group rebranding itself as “World Leaks,” an extortion-only operation that began in early 2025.
Read the full story by Kristina Beek on Dark Reading.
Editor’s note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Sharon Shea is executive editor of Informa TechTarget’s SearchSecurity site.