
Officials crack down on Southeast Asia cybercrime networks, seize $15B

14 October 2025 at 13:28

Federal authorities seized 127,271 Bitcoin, valued at approximately $15 billion, from Chen Zhi, the alleged leader of a sprawling cybercrime network based in Cambodia, the Justice Department said Tuesday. Officials said it’s the largest financial seizure on record.

“Today’s action represents one of the most significant strikes ever against the global scourge of human trafficking and cyber-enabled financial fraud,” Attorney General Pamela Bondi said in a statement.

Officials said Chen, a 38-year-old United Kingdom and Cambodian national who has renounced his Chinese citizenship, built a business empire under the Prince Group umbrella headquartered in Phnom Penh, Cambodia, that constructs, operates and manages scam compounds that rely on human trafficking and modern-day slavery. 

A criminal indictment against Chen was also unsealed in the U.S. District Court for the Eastern District of New York. He remains at large and the FBI is seeking information about his whereabouts. Chen faces up to 40 years in prison for his alleged crimes.

Chen is accused of founding and running Prince Group since 2015, resulting in a global expansion that has brought the cybercrime network’s operations to dozens of entities spanning more than 30 countries. 

Officials said Chen was directly involved in managing the scam compounds and committed violence against people in the forced labor camps where schemes targeted victims around the world, including in the United States. One network based in Brooklyn, New York, scammed more than 250 people in New York and across the country out of millions of dollars, according to the indictment.

Authorities in the U.S. and U.K. also imposed coordinated sanctions against the Prince Group’s cybercrime networks in Southeast Asia, which are accused of long-running investment scams and money laundering operations.

Officials said the sanctions against people and organizations involved with the Prince Group transnational criminal organization, together with the severing of Huione Group from the U.S. financial system, mark the most extensive action taken against cybercrime operations in the region to date.

“The rapid rise of transnational fraud has cost American citizens billions of dollars, with life savings wiped out in minutes,” Treasury Secretary Scott Bessent said in a statement. 

The agency’s Office of Foreign Assets Control imposed sanctions on 146 people and organizations participating in Prince Group TCO, while the Financial Crimes Enforcement Network issued a rule under the USA PATRIOT Act to sever Cambodia-based financial services conglomerate Huione Group from the U.S. financial system.

OFAC also sanctioned a network of 117 illegitimate businesses affiliated with Prince Group. The agency published a complete list of people and entities sanctioned as part of the sweeping action.

Authorities said Prince Group is prolific and remains a dominant player in Cambodia’s scam economy, responsible for billions of dollars in illicit financial transactions. U.S. government officials estimate Americans lost more than $10 billion to Southeast Asia-based scam operations last year, noting that U.S. online investment scams surpass $16.6 billion.

Huione Group has allegedly laundered proceeds from cyberattacks initiated by North Korea and transnational criminal organizations in Southeast Asia responsible for virtual currency investment scams, authorities said. The organization laundered more than $4 billion in illicit proceeds between August 2021 and January 2025, the Treasury Department said. 

The U.K.’s Foreign, Commonwealth, and Development Office also participated in the crackdown by imposing sanctions on Prince Holding Group, its alleged leader Chen and key associates. 

“Today, the FBI and partners executed one of the largest financial fraud takedowns in history,” FBI Director Kash Patel said in a statement.

The post Officials crack down on Southeast Asia cybercrime networks, seize $15B appeared first on CyberScoop.

Interpol operation disrupts romance scam and sextortion networks in Africa

29 September 2025 at 13:37

Authorities arrested 260 cybercrime suspects during a two-week operation spanning 14 African countries, Interpol announced Friday. The globally coordinated summertime crackdown dubbed “Operation Contender 3.0” targeted criminal networks that facilitated romance scams and sextortion, officials said. 

Interpol said total losses attributed to the scam syndicates amounted to about $2.8 million, involving almost 1,500 victims. Authorities seized USB drives, SIM cards and forged documents, and dismantled 81 cybercrime infrastructure networks across the continent.

“Cybercrime units across Africa are reporting a sharp rise in digital-enabled crimes such as sextortion and romance scams,” Cyril Gout, acting executive director of police services at Interpol, said in a statement. “The growth of online platforms has opened new opportunities for criminal networks to exploit victims, causing both financial loss and psychological harm.”

Authorities in Ghana arrested 68 people, seized 835 devices and identified 108 victims who lost a combined $450,000, $70,000 of which was recovered. The suspects allegedly used fake profiles, forged identities and stolen images to deceive victims using multiple schemes, including fake courier and customs shipment fees, and sextortion for blackmail.

Police in Senegal arrested 22 suspects who allegedly defrauded 120 victims on social media and dating platforms of about $34,000 combined. 

In Côte d’Ivoire, police arrested 24 suspects and identified 809 victims who were allegedly manipulated into sharing intimate images before they were blackmailed. Angola authorities arrested eight people for allegedly scamming 28 domestic and international victims via social media. 

Group-IB and Trend Micro assisted in the investigation, and other countries participating in the effort included Benin, Burkina Faso, Gambia, Guinea, Kenya, Nigeria, Rwanda, South Africa, Uganda and Zambia.

“By working closely with our member countries and private sector partners, we remain committed to disrupting and dismantling the groups that prey on vulnerable individuals online,” Gout said.

Operation Contender 3.0 occurred, in part, during a much larger Interpol cybercrime crackdown in Africa that resulted in the arrest of 1,209 alleged cybercriminals. Authorities said financial losses attributed to cybercrime rings disrupted during Operation Serengeti 2.0 neared $485 million from almost 88,000 victims.

The post Interpol operation disrupts romance scam and sextortion networks in Africa appeared first on CyberScoop.

BreachForums Owner Sent to Prison in Resentencing 

17 September 2025 at 08:13

Conor Fitzpatrick, who pleaded guilty in July 2023, was sentenced last year to time served and supervised release.

The post BreachForums Owner Sent to Prison in Resentencing appeared first on SecurityWeek.

BreachForums founder resentenced to three years in prison

By: Greg Otto
16 September 2025 at 17:37

A man who pleaded guilty in 2023 for charges related to his work as founder and operator of the notorious BreachForums website was resentenced Tuesday to three years in prison after having his initial sentence overturned in January.

Conor Brian Fitzpatrick, 22, operated BreachForums — once regarded as the largest English-language cybercrime marketplace — under the alias “Pompompurin.” The forum allowed users to purchase, sell, and exchange hacked or stolen data and other illicit materials, including child sexual abuse material, federal authorities said.  

Fitzpatrick pleaded guilty in July 2023 to conspiracy to commit access device fraud, solicitation concerning fraudulent access devices, and possession of child sexual abuse material. Prosecutors from the Eastern District of Virginia originally sought nearly 16 years of imprisonment for the defendant. However, Fitzpatrick was initially given a sentence of 17 days — time served — along with 20 years of supervised release.

Court records reveal that the lenient sentence considered mitigating circumstances, including Fitzpatrick’s autism diagnosis and his youth. The sentencing memo noted that even while legal proceedings were ongoing, Fitzpatrick violated the court’s terms by using a VPN to access online chatrooms via Discord. In those environments, he challenged the legitimacy of his guilty plea, expressed regret over not contesting the charges, and made statements trivializing the sale of sensitive data to foreign interests.

Reaction to these post-plea actions was swift from prosecutors, who appealed the sentence. U.S. Court of Appeals Judge Paul V. Niemeyer, writing the opinion to vacate the original sentence, described Fitzpatrick’s behavior as demonstrating “a lack of remorse,” noting that the district court “never addressed the seriousness of his crimes or explained how its sentence fulfilled” the legal requirements.

With the appellate court’s decision, the case was returned for resentencing. In addition to the prison sentence, Fitzpatrick was ordered to forfeit over 100 domain names used in connection with BreachForums, more than a dozen electronic devices, and cryptocurrency proceeds from the site’s activity.

BreachForums rose to prominence quickly after law enforcement dismantled RaidForums, then the major English-language hacking platform, in February 2022. BreachForums launched the following March and, by most accounts, immediately filled the void left by RaidForums, accumulating over 330,000 members in less than a year and hosting more than 14 billion individual records of personal information, according to court documents.

Since Fitzpatrick’s arrest, law enforcement has attempted to remove BreachForums from the internet, only to see copycats return in the wake of each takedown. 

The post BreachForums founder resentenced to three years in prison appeared first on CyberScoop.

Treasury Department targets Southeast Asia scam hubs with sanctions

8 September 2025 at 19:24

Federal authorities on Monday imposed sanctions on 19 people and organizations allegedly involved in major cyberscam hubs in Burma and Cambodia.

“Criminal actors across Southeast Asia have increasingly exploited the vulnerabilities of Americans online,” Secretary of State Marco Rubio said in a statement. “In 2024, Americans lost at least $10 billion to scam operations in Southeast Asia, according to a U.S. government estimate.” That’s a 66% increase from the prior year, officials said. 

People who staff these scam centers are often victimized as well. Criminal organizations in Southeast Asia recruit workers under false pretenses and use debt bondage, violence, and threats of forced prostitution to coerce them to scam strangers online via messaging apps or text messages, authorities said.

The Treasury Department’s Office of Foreign Assets Control levied sanctions against nine targets operating in Shwe Kokko, Burma, which it described as a “notorious hub for virtual currency investment scams under the protection of the OFAC-designated Karen National Army.” KNA was sanctioned as a transnational criminal organization in May. 

Tin Win, Saw Min Min Oo, Chit Linn Myaing Co., Chit Linn Myaing Toyota Co., Chit Linn Myaing Mining & Industry Co., Shwe Myint Thaung Yinn Industry and Manufacturing Co., She Zhijiang, Yatai International Holdings Group and Myanmar Yatai International Holding Group Co. were all sanctioned for their alleged involvement in these scam centers near Burma’s border with Thailand.

She Zhijiang and Saw Chit Thu, the leader of the KNA who was previously sanctioned in May, are accused of transforming a small village in Shwe Kokko into a city built for gambling, drug trafficking, prostitution and a compound of scam centers. Tin Win and Saw Min Min Oo allegedly control property that hosts the scam centers and personally run organizations that support the operations.

“Southeast Asia’s cyber scam industry not only threatens the well-being and financial security of Americans, but also subjects thousands of people to modern slavery,” John K. Hurley, under secretary of the Treasury for terrorism and financial intelligence, said in a statement.

The Treasury Department also sanctioned four people and six organizations for their alleged involvement in forced labor compounds in Cambodia that operate virtual currency investment scams targeting victims in the United States, Europe, China and elsewhere. 

T C Capital Co., K B Hotel Co., K B X Investment Co., M D S Heng He Investment Co., Heng He Bavet Property Co., HH Bank Cambodia, Dong Lecheng, Xu Aimin, Chen Al Len and Su Liangsheng were all sanctioned for their alleged involvement in scam centers in Cambodia. 

“These sanctions protect Americans from the pervasive threat of online scam operations by disrupting the ability of criminal networks to perpetuate industrial-scale fraud, forced labor, physical and sexual abuse, and theft of Americans’ hard-earned savings,” Rubio said.

The post Treasury Department targets Southeast Asia scam hubs with sanctions appeared first on CyberScoop.

AskWoody at the computer museum, 4th edition

1 September 2025 at 03:44
HISTORY By Will Fastie I thought the waiting list for AskWoody-hosted tours of the System Source Computer Museum was on the wane, but the most recent tour was full and the waiting list remains strong. Reactions to the museum continue to be very positive. Visitors are polled after their visit, and the consistent rating from […]

Microsoft details Storm-0501’s focus on ransomware in the cloud

27 August 2025 at 12:59

A financially motivated threat group operating since 2021 has refined its technical tradecraft, honing its focus on cloud-based systems that allow it to expand ransomware operations beyond the scope of on-premises infrastructure, Microsoft Threat Intelligence said in a report released Wednesday.

By leveraging cloud-native capabilities, Storm-0501 has rapidly exfiltrated large volumes of data, destroyed data and backups within victim environments and encrypted systems. “This is in contrast to threat actors who may have relied solely on malware deployed to endpoints,” Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, said in an email.

“This evolution is about both a technical shift and a change in impact strategy,” DeGrippo said. “Instead of just encrypting files and demanding ransom for decryption, Storm-0501 now exfiltrates sensitive cloud data, destroys backups, and then extorts victims by threatening permanent data loss or exposure.”

Storm-0501 targets opportunistically by searching for unmanaged devices and security gaps in hybrid cloud environments. By exploiting these vulnerabilities, it can evade detection, escalate its access privileges and sometimes move between user accounts. This approach amplifies the impact of its attacks and raises its chance for a payout, according to Microsoft.

The threat group recently compromised a large enterprise with multiple subsidiaries that each operated standalone Active Directory domains and separate Microsoft Azure instances with varying security tool coverage linked to several Entra ID tenants. “This fragmented deployment created visibility gaps across the environment,” researchers said in the report. 

Storm-0501 searched for Active Directory domains that did not have endpoint detection enabled. Once it gained a foothold in an Active Directory environment, it hopped to other domains and eventually compromised a separate Entra Connect server associated with a different Entra ID tenant and Active Directory domain.

“Many organizations have on-prem assets that are of extremely high criticality, often too fragile or legacy to move to the cloud,” DeGrippo said. “This is what provides such a significant weakness in these environments.”

The reconnaissance gave the threat group deep visibility into the organization’s security tooling and infrastructure. Storm-0501 identified a non-human identity in that Entra ID tenant that held Global Administrator privileges and had no multifactor authentication registered. 

The threat group reset that account’s on-premises password, let the change sync to its cloud identity and registered a new MFA method under its own control. With that access, Storm-0501 held full control over the tenant and used the highest cloud privileges available to pursue its goals, researchers said. 

Storm-0501 eventually took control of the victim organization’s Azure environment, located critical assets and abused its Azure Owner role to access and steal keys that allowed it to exfiltrate data. Microsoft said the threat group then performed cloud-based encryption and deleted Azure resources en masse before initiating extortion by contacting victims on Microsoft Teams from one of the previously compromised user accounts.
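The chain above depends on two properties of one privileged identity: its password is writable from on-premises (so a synced reset lands in the cloud) and no MFA method is registered (so the new password is enough to sign in and enroll the attacker’s own MFA). The audit below is an added example, not Microsoft’s code and not from the report; it checks Global Administrator role members for exactly those properties. It assumes an offline JSON export shaped like the Microsoft Graph responses for `/directoryRoles/{id}/members` and `/users/{id}/authentication/methods`, and the sample tenant data, account names and object IDs are constructed for the example.

```python
"""Audit Entra ID Global Administrator members for the weaknesses Storm-0501 abused.

Added example, not Microsoft's code. Input is an offline export shaped like
Microsoft Graph responses:
  GET /directoryRoles?$filter=roleTemplateId eq '62e90394-69f5-4237-9190-012177145e10'
  GET /directoryRoles/{id}/members
  GET /users/{id}/authentication/methods
The sample data at the bottom is constructed for this example.
"""
from dataclasses import dataclass

# Graph authentication method types that can satisfy an MFA prompt.
# A password alone (#microsoft.graph.passwordAuthenticationMethod) cannot.
MFA_CAPABLE_METHODS = {
    "#microsoft.graph.microsoftAuthenticatorAuthenticationMethod",
    "#microsoft.graph.fido2AuthenticationMethod",
    "#microsoft.graph.phoneAuthenticationMethod",
    "#microsoft.graph.softwareOathAuthenticationMethod",
    "#microsoft.graph.windowsHelloForBusinessAuthenticationMethod",
}


@dataclass
class Finding:
    object_id: str
    display_name: str
    issues: list[str]

    @property
    def severity(self) -> str:
        # The Storm-0501 path needs both: an on-prem-writable password and no MFA.
        if "synced-from-on-prem" in self.issues and "no-mfa-method" in self.issues:
            return "critical"
        if "non-human-identity" in self.issues or "no-mfa-method" in self.issues:
            return "high"
        return "medium"


def audit_global_admins(members: list[dict], methods_by_id: dict[str, list[dict]]) -> list[Finding]:
    """Return one Finding per role member that matches any weak pattern, worst first."""
    findings: list[Finding] = []
    for member in members:
        issues: list[str] = []
        if member.get("@odata.type") == "#microsoft.graph.servicePrincipal":
            # Service principals cannot register MFA; a privileged one is a standing risk.
            issues.append("non-human-identity")
        else:
            if member.get("onPremisesSyncEnabled"):
                # Password writes on-prem (via Entra Connect) propagate to this cloud identity.
                issues.append("synced-from-on-prem")
            registered = {m.get("@odata.type") for m in methods_by_id.get(member["id"], [])}
            if not registered & MFA_CAPABLE_METHODS:
                issues.append("no-mfa-method")
        if issues:
            findings.append(Finding(member["id"], member.get("displayName", "?"), issues))
    order = {"critical": 0, "high": 1, "medium": 2}
    findings.sort(key=lambda f: (order[f.severity], f.display_name))
    return findings


# Constructed sample: four Global Administrator role members (hypothetical names/IDs).
SAMPLE_MEMBERS = [
    {"@odata.type": "#microsoft.graph.user", "id": "u-1", "displayName": "Break Glass Admin",
     "onPremisesSyncEnabled": None},
    {"@odata.type": "#microsoft.graph.user", "id": "u-2", "displayName": "svc-backup-sync",
     "onPremisesSyncEnabled": True},
    {"@odata.type": "#microsoft.graph.user", "id": "u-3", "displayName": "Jane Doe",
     "onPremisesSyncEnabled": True},
    {"@odata.type": "#microsoft.graph.servicePrincipal", "id": "sp-1",
     "displayName": "LegacyAutomationApp"},
]
SAMPLE_METHODS = {
    "u-1": [{"@odata.type": "#microsoft.graph.passwordAuthenticationMethod"},
            {"@odata.type": "#microsoft.graph.fido2AuthenticationMethod"}],
    "u-2": [{"@odata.type": "#microsoft.graph.passwordAuthenticationMethod"}],
    "u-3": [{"@odata.type": "#microsoft.graph.passwordAuthenticationMethod"},
            {"@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethod"}],
}

if __name__ == "__main__":
    for f in audit_global_admins(SAMPLE_MEMBERS, SAMPLE_METHODS):
        print(f"{f.severity:8} {f.display_name:20} {', '.join(f.issues)}")
```

On the sample, the synced service-style user with only a password ranks as critical, the service principal and any MFA-less cloud account as high, and a synced user who does have MFA as medium (an on-prem compromise still rewrites that password, so privileged roles belong on cloud-only accounts). Run against a real export, the same logic points at the accounts to convert to cloud-only, enroll in phishing-resistant MFA or strip of the role.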

“Storm-0501 is driving a major shift in ransomware tactics,” DeGrippo said. “Hybrid and cloud environments are uniquely vulnerable. Storm-0501 exploits gaps between on-prem and cloud security, showing that organizations with hybrid architectures are at greater risk if they don’t have unified visibility and controls.”

The post Microsoft details Storm-0501’s focus on ransomware in the cloud appeared first on CyberScoop.

Skype is gone — here’s what you can do in Teams Free

25 August 2025 at 03:45
ISSUE 22.34 • 2025-08-25 SOFTWARE By Mary Branscombe Skype can no longer be your phone number, but you can still make calls and your Skype credit is safe — even though the experience is annoying Thanks to the popularity of Google Voice, WhatsApp, and Zoom, Microsoft announced back in February that it would be shutting […]

Trump threatens executive order on elections, claims states must obey

By: djohnson
18 August 2025 at 13:09

In a sweeping announcement about a forthcoming executive order, President Donald Trump argued Monday that states are ultimately subservient to the White House when it comes to setting election policy.

“Remember, the states are merely an agent for the federal government in counting and tabulating the votes,” Trump wrote on Truth Social Monday morning. “They must do what the federal government, as represented by the President of the United States, tells them, FOR THE GOOD OF OUR COUNTRY, to do.”

Trump also claimed the executive order would end mail-in voting, falsely claiming that other countries stopped the practice due to fraud, as well as “very expensive and SERIOUSLY CONTROVERSIAL voting machines.”

It’s not clear which voting machines Trump was referencing. The president’s allies and friendly media outlets like Fox News and NewsMax were successfully sued by Smartmatic and Dominion for billions of dollars after the 2020 election for falsely claiming that their voting machines were rigged to elect Democratic President Joe Biden.

Either way, Trump has lost dozens of lawsuits attempting to prove fraud, and reportedly nearly signed an executive order at the end of his last term ordering the Department of Defense to seize voting machines, purportedly to examine them for fraud.

A previous executive order from Trump this year, purporting to compel the bipartisan Election Assistance Commission to alter voter registration request forms to include a proof of citizenship section and deny forms to states or voters who don’t provide the information, was struck down by a judge as unconstitutional in April. The judge in the ruling remarked that “no statutory delegation of authority to the Executive Branch permits the President to short-circuit Congress’s deliberative process” on regulating elections via executive order.

The Constitution of the United States doesn’t say much about the role of the executive branch in elections.

States are mentioned prominently as the primary administrators, while Congress is empowered to make regulations. The president isn’t mentioned at all.

David Becker, executive director of the Center for Election Innovation and Research, told CyberScoop that Article 1, Section 4 of the Constitution “states unambiguously that the regulation of elections is the power of the states, and only Congress can change that.”

“The president plays literally no role in elections, and that’s by design of the founders,” he said. “Alexander Hamilton foresaw, and made clear in Federalist 59, that a democracy must diversify the power of elections in order to protect itself from an overzealous executive, and therefore power over elections would reside with the several states.”

The contention that the president of the United States had specific authority over states in elections was also waved away as nonsense by constitutional scholars.

“States are agents of the federal government? *lights syllabus on fire,*” wrote Elizabeth Joh, constitutional law professor at the University of California, Davis.

Voting machine security has been a fiercely debated topic in Washington D.C., and among states, particularly over the past two decades as the country has moved toward electronic voting machines.

Voting machines and the software they rely on do have vulnerabilities, but safeguards exist to detect large-scale hacking attempts like those Trump claims. 

First, American elections are famously decentralized, with different states and localities relying on different machines, software and other products. That means a hacker would have to compromise multiple systems and companies to affect votes outside of a single county or state.

Second, voting machines, with few exceptions, are not connected to the internet. Many of the vulnerabilities a hacker would need to exploit in such a machine require direct physical access. While this doesn’t make a compromise impossible, experts say the chain-of-custody procedures that voting machines are subject to would make it extremely difficult to gain access to a significant number of them.

Finally, 97% of U.S. voters vote on a machine with paper backups, which allow state officials to audit paper ballots to ensure they match the vote totals reported by the machine. Every post-election audit conducted by a state following the 2020 election confirmed the accuracy of the machine count. 

The president’s post reinforces the idea that, after years of cooperation during past elections, the federal government and states are likely to have a contentious and adversarial relationship over the next two-to-four years.

In some states like Arizona, election officials have decried their crumbling relationship over the past year with the Cybersecurity and Infrastructure Security Agency, the federal government’s top civilian cyber agency. Under the Biden and first Trump administrations, CISA played a robust, high-profile role providing cybersecurity support and technical expertise to states to harden defenses around voting machines and election infrastructure.

But the White House has fired or sidelined many CISA officials who worked on election security, and fired the regional advisers who provided assistance. Other federal agencies like the FBI and Department of Justice have disbanded task forces on election-related foreign influence operations, and have shifted much of their resourcing to investigating voter fraud.

The DOJ is suing or attempting to take legal action in multiple states, alleging that their voter registration systems are poorly maintained. Federal complaints have often focused on minor procedural errors made by states or localities to question the citizenship and eligibility of hundreds of thousands of voters.

The president’s announcement came the same day that conservative media outlet Newsmax informed the Securities and Exchange Commission it had agreed to a $67 million settlement with Dominion Voting Systems over false claims the network made in the wake of the 2020 election that their voting systems had been hacked or compromised to alter the outcome of the presidential election. 

Fox News also paid $787 million to settle a lawsuit with Dominion, and Newsmax had already paid $40 million to another voting machine manufacturer, Smartmatic, to settle similar defamation charges.

In an article on the settlement, Newsmax remained defiant about its role in the 2020 election, claiming that they would have succeeded in proving the vote tallies were rigged if not for the courts rigging proceedings against them.

“Despite its confidence in its reporting, Newsmax determined the Delaware court with Judge Eric Davis presiding would not provide a fair trial wherein the company could present standard libel defenses to a jury,” the outlet wrote.

Becker said Trump “has spread lies about our elections for years now, and every time he and his allies are offered an opportunity to back those statements up in court, with evidence subject to cross-examination, they’ve failed.”

“In defamation cases brought against Fox News, Rudy Giuliani, Kari Lake, and Mike Lindell, every defendant had an absolute right to defend their statements as true, and every defendant failed to present even a shred of evidence,” he added. “All either settled for vast amounts, conceded liability for defamation, or were found liable.”

The post Trump threatens executive order on elections, claims states must obey appeared first on CyberScoop.
