Global Law Enforcement Crackdowns on Cybercrime Networks and Operations
Law enforcement agencies worldwide have intensified efforts to disrupt cybercrime networks, targeting both large-scale organized groups and individual offenders. In 2025, major international operations led to the seizure of approximately $15 billion in Bitcoin from the Prince Group, a syndicate accused of running forced-labor scam centers and crypto fraud schemes. Authorities in Southeast Asia and Africa conducted coordinated raids, arresting thousands of suspects, dismantling malicious infrastructure, and recovering millions in illicit funds. These actions were supported by intelligence sharing and technical assistance from private companies, reflecting a growing trend of cross-border collaboration to combat cyber threats such as ransomware, business email compromise, and online scams.
In South Korea, police arrested four individuals accused of compromising over 120,000 IP cameras, with the intent to create and sell sexually exploitative videos. The suspects exploited weak or default passwords to gain access to cameras in sensitive locations, including medical offices. Law enforcement responded by notifying affected owners and emphasizing the seriousness of such privacy violations. These arrests are part of a broader global crackdown on cybercrime, which also included operations in Australia and the UK targeting Wi-Fi-based attacks and dark web marketplaces. Authorities continue to stress the importance of active investigation and international cooperation to address the evolving landscape of cyber-enabled crime.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Global law enforcement actions against cybercrime highlighted in 2025 roundup
A year-end roundup described intensified 2025 law enforcement pressure on cybercrime, including major seizures, arrests, and infrastructure takedowns targeting malware, fraud, and ransomware networks. The report highlighted actions against groups and services such as the Prince Group, Lumma Stealer, Rhadamanthys, and LockBit, as well as INTERPOL-led arrests in Africa and EU fraud-network disruptions.
South Korean police arrest four over large-scale IP camera snooping
South Korean authorities arrested four people in connection with a massive illegal surveillance operation involving compromised internet-connected cameras. The arrests were reported as part of a broader 2025 cybercrime enforcement push.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Major International Law Enforcement Actions Against Cybercrime and Financial Fraud Networks
Law enforcement agencies across multiple countries have conducted significant operations targeting cybercriminal groups responsible for large-scale financial fraud, data breaches, and cryptocurrency theft. In Spain, police arrested a 19-year-old hacker accused of stealing and attempting to sell 64 million personal data records from nine companies, while Ukrainian authorities apprehended a separate data broker who used custom malware to compromise accounts and sell access on hacker forums. In California, a member of the so-called "Social Engineering Enterprise" pleaded guilty to laundering millions in cryptocurrency stolen through sophisticated social engineering attacks, with the group responsible for a $263 million heist and extravagant spending of the proceeds. Meanwhile, Russian police dismantled a gang that used NFCGate-based malware to steal millions from bank customers by tricking victims into installing fake banking apps and harvesting card credentials for remote theft. A major international operation led by Europol and Eurojust dismantled a €700 million cryptocurrency scam network in Europe that used deepfake videos and aggressive marketing to lure victims into fake investment schemes. The network operated numerous fraudulent platforms, laundered funds through complex channels, and was taken down in coordinated raids across several countries, resulting in arrests and the seizure of cash, cryptocurrencies, and luxury items. These actions highlight the growing sophistication of cyber-enabled financial crime and the increasing collaboration between law enforcement agencies to disrupt such operations on a global scale.
Mar 21, 2026
European Law Enforcement Crackdown on Cybercrime and Hacking Operations
European law enforcement agencies have conducted a series of high-profile operations targeting cybercriminals and hackers across the continent. In a coordinated effort led by Europol's Operational Taskforce GRIMM, nearly 200 individuals, including minors, were arrested for their involvement in 'violence-as-a-service' schemes, which included contract killings, intimidation, and torture. The operation spanned multiple countries and resulted in the apprehension of suspects directly involved in violent crimes, enablers, recruiters, and high-value instigators, highlighting a disturbing trend of cybercrime intersecting with real-world violence. In a separate but related development, Polish authorities arrested three Ukrainian nationals found in possession of advanced hacking equipment, including devices capable of compromising IT and telecommunications networks. The suspects were charged with fraud and possession of tools intended for criminal activity, and the equipment seized included Flipper Zero devices, antennas, and spy device detectors. These arrests underscore the increasing sophistication and cross-border nature of cybercrime in Europe, as well as law enforcement's growing focus on disrupting both digital and physical threats posed by organized cybercriminal groups.
Mar 21, 2026
Year-End Cybersecurity Review: Major Law Enforcement Actions and Notable Incidents
Law enforcement agencies worldwide achieved significant victories against cybercriminals in 2025, including the takedown of Ukrainian call centers defrauding Europeans of €10 million, the seizure of servers from the E-Note crypto exchange laundering $70 million, and the arrest of individuals aiding state-backed hacking groups. Authorities also dismantled infrastructure supporting ransomware and account takeover operations, with notable convictions such as the prison sentence for the "evil twin" WiFi hacker and the seizure of the Cryptomixer crypto mixer, which laundered €1.3 billion since 2016. These actions reflect a growing trend of international cooperation, combining legal, operational, and financial measures to disrupt cybercrime and hold perpetrators accountable. In addition to law enforcement successes, 2025 saw a range of high-profile cyber incidents and campaigns. Notable events included a massive cyberattack on Venezuela’s oil and gas infrastructure, suspected to be linked to U.S. operations, and targeted phishing campaigns against Russian military personnel using malicious Excel files. Iranian hackers exploited known vulnerabilities to breach Israeli institutions outside the country’s critical infrastructure sector, exposing gaps in cybersecurity mandates for hospitals, universities, and government ministries. These incidents underscore the evolving tactics of both state and non-state actors and the persistent vulnerabilities in global cyber defenses.
Mar 21, 2026