The Trump administration is plotting an interagency body to confront malign hackers, pilot programs to secure critical infrastructure across states and other steps tied to its freshly-released cyber strategy, National Cyber Director Sean Cairncross said Monday.

The “interagency cell” will bring together agencies like the Justice Department, the Department of State, the FBI and the Pentagon, which will make it clear that going on cyber offense isn’t just about attacking enemies in cyberspace, Cairncross said.

“Sure, that’s part of it, but that’s not all of it,” he said at an event hosted by USTelecom. It will include diplomatic efforts, arrests and more, he said. “As President Trump has made clear, he expects results, and he’s empowered the team under him to go get them.”

A series of pilot programs will be catered to specific critical infrastructure industries in specific states, such as water in Texas and beef in South Dakota, Cairncross said. Different sectors operate at more or less mature levels, he said.

“One of the things that we are working to do is to align those sectors and prioritize those sectors in a way that makes sense,” he said.

Cairncross said the administration wants to share information with industry better, and will be looking as well at revising regulations in some instances. One of those instances is the Securities and Exchange Commission’s 2023 incident disclosure rule, which drew some of the most vehement industry opposition under the Biden administration’s’ pursuit of cyber regulations. The idea is to make sure they “make sense for industry,” Cairncross said.

But the administration also will have things it seeks from the private sector. That will include bringing together CEOs and sending the message to them that “you need to dedicate some real resources,” he said.

Cairncross has spoken before about wanting to establish an academy to address education and training in a nation with persistent cybersecurity job openings, but there’s more attached to it, he said.

The effort, which Cairncross said the administration would release details on soon, will also include a foundry (which “will be able to scale with private capital new innovation, and deploy it more quickly”) and an accelerator (“so when there’s preceded financing on on projects to really ramp that up and be able to scale as well and overcome some of the procurement hurdles that are often based in in this space”).

Cairncross said at a second event Monday that another forthcoming step was a law enforcement pilot program to better share information with state and local governments.

“We’re looking for ways to streamline information sharing from the USG side,” Cairncross said at a Billington Cybersecurity event, using the acronym for “U.S. government.” “Often, ‘how’ we know things is extremely sensitive, ‘what’ we know is less so,” he said. The goal is “to figure out how to communicate that in a helpful, actionable way.”

Updated, 3/9/26: to include comments about law enforcement pilot program.

The post Sean Cairncross lays out what’s coming next for Trump’s cyber strategy appeared first on CyberScoop.

A Russian national pleaded guilty to leading a ransomware conspiracy that targeted at least 50 victims during a four-year period ending in August 2022. 

Ianis Aleksandrovich Antropenko began participating in ransomware attacks before moving to the United States, but conducted many of his crimes while living in Florida and California, where he’s been out on bond enjoying rare leniency since his arrest in 2024.

Antropenko pleaded guilty in the U.S. District Court for the Northern District of Texas earlier this month to conspiracy to commit money laundering and conspiracy to commit computer fraud and abuse. He faces up to 25 years in jail, fines up to $750,000 and is ordered to pay restitution to his victims and forfeit property.

Federal prosecutors reached a plea agreement with Antropenko after a years-long investigation, closing one of the more unusual cases against a Russian ransomware operator who committed many of his crimes while living in the U.S.

While most cybercriminals, especially those involved in ransomware, are held in jail pending trial because of a flight risk, Antropenko was granted bail the day of his arrest. 

This rare flash of deferment in a case involving a prolific cybercriminal is even more shocking considering his multiple run-ins with police since then. Antropenko violated conditions for his pretrial release at least three times in a four-month period last year, including two arrests in Southern California involving dangerous behavior while under the influence of drugs and alcohol.

As part of his plea agreement, Antropenko recognized that pleading guilty could impact his immigration status since the crimes he committed are removable offenses. 

Court records don’t indicate if Antropenko has been detained pending sentencing, and his sentencing hasn’t been scheduled. His attorney and federal prosecutors working on his case did not respond to requests for comment. 

Antropenko admitted to leading the ransomware conspiracy with the aid of multiple co-conspirators, including some who lived outside the U.S.

His ex-wife, Valeriia Bednarchik, was previously implicated by the FBI and prosecutors as one of his alleged co-conspirators involved in the laundering of ransomware proceeds. 

FBI investigators traced Antropenko’s activities via accounts he held at Proton Mail, PayPal and Bank of America, and accounts he and Bednarchik controlled at Binance and Apple. In Bednarchik’s iCloud account, agents found a seed phrase for a crypto wallet that had received over 40 Bitcoin from Antropenko’s accounts, as well as evidence she had agreed to safeguard a disguised copy of this phrase so the funds could be accessed if Antropenko became unavailable. Her account also contained joint tax returns with Antropenko and photos showing large amounts of U.S. cash.

Bednarchik, who also lives in Southern California, has been identified as Antropenko’s unnamed co-conspirator through court documents and public records. While authorities previously indicated they plan to bring charges against her, no cases are currently pending.

Antropenko, who previously pleaded not guilty to the charges in October 2025, used multiple ransomware variants to commit attacks, including Zeppelin and GlobeImposter. The ransomware operation he led caused losses of at least $1.5 million to victims, according to court records.

Yet, the spoils of his crimes appear to be much greater. The Justice Department seized more than $2.8 million in cryptocurrency, nearly $71,000 in cash and two luxury vehicles from Antropenko in February 2024. Authorities seized an additional $595,000 in cryptocurrency from a wallet Antropenko owned in July 2025.

You can read the statement of facts and plea agreement below.

The post Leader of ransomware crew pleads guilty to four-year crime spree appeared first on CyberScoop.

A 19-year-old man from San Antonio pleaded guilty Friday to multiple crimes involving the sexual exploitation of children while acting as an administrator and leader of 8884, a splinter group of the violent extremist collective known as 764. 

Alexis Aldair Chavez faces up to 60 years in prison for racketeering, distribution and possession of child sexual abuse material (CSAM). He was arrested and has been detained without bail since October 2024.

Chavez began associating with 764 as a minor in 2022 when a co-conspirator introduced him to 7997, one of many 764 offshoots affiliated with The Com. Authorities describe The Com as a sprawling nihilistic violent extremist network of thousands of people, typically between 11 and 25 years old, engaged in a growing online threat to coerce vulnerable children to produce CSAM of themselves, gore material, self mutilation, sibling abuse, animal abuse and other acts of violence.

“Chavez led a group of online predators whose ultimate purpose is to destroy our society,” Sue Bai, principal deputy assistant attorney general for national security, said in a statement. “They tried to achieve that heinous goal by desensitizing innocent children to violence — coercing them to perform gruesome and harmful acts against themselves and animals — with the hope of encouraging further violence and spreading chaos.”

Prosecutors said Chavez “earned the right” to participate in 7997 chat rooms by killing his cat and posting a video of the crime for others to view. He later groomed multiple victims to blackmail and coerce additional victims, all to increase reputation within the group’s ranks, according to federal court records.

Chavez attempted to coerce a girl to commit suicide and blackmailed another girl into self-mutiliation, animal torture and illicit content production in late 2023. He later worked with multiple co-conspirators and blackmailed some of his victims to coerce other girls to degrade themselves on camera and produce CSAM.

The indictment filed against Chavez in the U.S. District Court for the Western District of Texas details a series of horrifying crimes he committed with co-conspirators and some of his victims. 

Separately, Chavez coerced multiple minors to harm themselves or engage in various acts of depravity on video chats in the 8884 channel.

“The depraved acts described in the indictment are very normal for these people,” Allison Nixon, chief research officer at Unit 221B, told CyberScoop. 

Nixon, who has studied domestic and English-speaking cybercrime and tracked its rise for more than a decade, said 764 is a “very important tar pit for certain rare, risky personalities” that is likely worthy of scientific study. 

“8884 and 7997 are part of a homogenous 764 copycat soup. All of these groups start to blend together,” she said. “Most of these actors are motivated by attention seeking, and their culture is based on competing to be the worst. Ironically, they all end up being the same.”

When the FBI executed a search warrant at Chavez’s residence in July 2024, prosecutors said he came out the backdoor and threw his phone over a neighbor’s fence in an attempt to hide evidence.

Chavez’s guilty plea follows a year of heightened law enforcement activity, which has netted arrests of multiple alleged 764 leaders and members.

Two alleged leaders of 764, Leonidas Varagiannis and Prasan Nepal, were arrested and charged for directing and distributing CSAM in April. The two men are accused of exploiting at least eight minor victims, some as young as 13 years old, and face charges that carry a maximum penalty of life in prison.

Baron Cain Martin, of Tucson, Arizona, allegedly joined the child sextortion ring as early as 2019, eventually acting as a leader until his arrest late last year. Martin faces 29 charges and, if convicted, up to life in prison.

Tony Christopher Long, of California, pleaded not guilty last month to multiple charges carrying a maximum penalty up to 69 years in prison related to his alleged involvement in the nihilistic violent extremist group. 

Erik Lee Madison, of Maryland, was arrested in November and is accused of victimizing at least five children this fall, including one as young as 13 at the time. His alleged criminality dates back to 2020 when he was a minor.

“All of the 764 cases I’ve seen presented by law enforcement have been high quality and successful, and I hope this work can continue,” Nixon said.

Chavez’s sentencing is set for March 25, 2026. You can read the full indictment below.

The post Leader of 764 offshoot pleads guilty, faces up to 60 years in jail appeared first on CyberScoop.