European Law Enforcement Crackdown on Cybercrime and Hacking Operations
European law enforcement agencies have conducted a series of high-profile operations targeting cybercriminals and hackers across the continent. In a coordinated effort led by Europol's Operational Taskforce GRIMM, nearly 200 individuals, including minors, were arrested for their involvement in 'violence-as-a-service' schemes, which included contract killings, intimidation, and torture. The operation spanned multiple countries and resulted in the apprehension of suspects directly involved in violent crimes, enablers, recruiters, and high-value instigators, highlighting a disturbing trend of cybercrime intersecting with real-world violence.
In a separate but related development, Polish authorities arrested three Ukrainian nationals found in possession of advanced hacking equipment, including devices capable of compromising IT and telecommunications networks. The suspects were charged with fraud and possession of tools intended for criminal activity, and the equipment seized included Flipper Zero devices, antennas, and spy device detectors. These arrests underscore the increasing sophistication and cross-border nature of cybercrime in Europe, as well as law enforcement's growing focus on disrupting both digital and physical threats posed by organized cybercriminal groups.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Polish police arrest three Ukrainians with advanced hacking equipment
Polish authorities arrested three Ukrainian nationals for possessing what reports described as advanced hacking tools or equipment. The arrests were reported by multiple outlets as a discrete law-enforcement action in Poland.
Europol task force arrests 193 suspects in violence-as-a-service crackdown
Over a six-month period ending by December 2025, Europol's Operational Taskforce GRIMM and partner agencies arrested 193 people across Europe, including minors, for alleged involvement in violence-as-a-service activity. The operation targeted recruiters, enablers, instigators, and perpetrators linked to groups such as The Com and IRL Com.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Polish Police arrest 3 Ukrainians for possessing advanced hacking tools
securityaffairs.com
Open source193 cybercrims arrested, accused of plotting 'violence-as-a-service'
go.theregister.com
Open sourcePoland arrests Ukrainians utilizing 'advanced' hacking equipment
bleepingcomputer.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Major International Law Enforcement Actions Against Cybercrime and Financial Fraud Networks
Law enforcement agencies across multiple countries have conducted significant operations targeting cybercriminal groups responsible for large-scale financial fraud, data breaches, and cryptocurrency theft. In Spain, police arrested a 19-year-old hacker accused of stealing and attempting to sell 64 million personal data records from nine companies, while Ukrainian authorities apprehended a separate data broker who used custom malware to compromise accounts and sell access on hacker forums. In California, a member of the so-called "Social Engineering Enterprise" pleaded guilty to laundering millions in cryptocurrency stolen through sophisticated social engineering attacks, with the group responsible for a $263 million heist and extravagant spending of the proceeds. Meanwhile, Russian police dismantled a gang that used NFCGate-based malware to steal millions from bank customers by tricking victims into installing fake banking apps and harvesting card credentials for remote theft. A major international operation led by Europol and Eurojust dismantled a €700 million cryptocurrency scam network in Europe that used deepfake videos and aggressive marketing to lure victims into fake investment schemes. The network operated numerous fraudulent platforms, laundered funds through complex channels, and was taken down in coordinated raids across several countries, resulting in arrests and the seizure of cash, cryptocurrencies, and luxury items. These actions highlight the growing sophistication of cyber-enabled financial crime and the increasing collaboration between law enforcement agencies to disrupt such operations on a global scale.
Mar 21, 2026
European and U.S. Law Enforcement Actions Against Cyber-Enabled Crime
Multiple law-enforcement actions were reported across Europe and the U.S. targeting **cyber-enabled criminal activity**, including online intimidation, financial malware operations, and crypto/NFT theft. In Hungary, police working with Romanian authorities detained four young suspects accused of **swatting** and **doxing** tied to disputes initiated via *Discord*, including false bomb and violence threats that triggered significant emergency response deployments. Separately, U.S. authorities convicted two Venezuelan nationals for a multi-state **ATM jackpotting** operation in which they physically accessed older ATMs, connected a laptop, and deployed **malware** to force cash dispensing, resulting in hundreds of thousands of dollars in losses and restitution orders. In Romania, two suspects were investigated at the request of UK authorities over an alleged **hitman-for-hire** marketplace designed to conceal identities and payments via **cryptocurrency escrow**, with police seizing storage devices, crypto valued around **$650,000**, and significant cash. In the Netherlands, Zeeland police arrested four suspects linked to the theft of **169 NFTs** valued at roughly **€1.4 million**, seizing data carriers, cash, vehicles, and a house during raids as the investigation continued.
Mar 21, 2026
European Law Enforcement Takedowns of Phishing and Investment-Fraud Networks
European law enforcement reported multiple cyber-enabled fraud disruptions, including a Eurojust-supported operation that dismantled a **fraudulent call-centre network** operating from three offices in Dnipro. Authorities from Latvia, Lithuania, and Ukraine arrested **11 suspects**, seized **more than €400,000** in cash, and collected electronic evidence (computers, SIM cards, documents) during searches at **32 locations**. The group allegedly ran a fake cryptocurrency investment platform and used **remote access software** to gain access to victims’ online banking and move funds to accounts and crypto wallets under their control. Separately, Poland’s Central Bureau for Combating Cybercrime (CBZC) dismantled an organized group operating in Poland and Germany that used **phishing** to hijack Facebook accounts and extract **BLIK** payment codes. Investigators identified **11 group members**, placed **six** in pretrial detention, and seized **over 100,000** stolen Facebook credentials; prosecutors filed **400+ charges** including unauthorized access, online fraud, and money laundering. A South Korean case involving the breach of Seoul’s bike-hire service *Ttareungyi* (4.62 million users affected) is a distinct incident and not part of the European takedown actions described above.
Mar 21, 2026