Julius “Zeekill” Kivimäki, a notorious hacker long on the run from Finnish authorities, was arrested this week in France. The arrest occurred when police responded to a domestic violence call at a residence in France, and Kivimäki likely faces extradition to Finland. The 25-year-old is one of the most wanted cybercriminals in Finland, with a lengthy list of cybercrimes that includes extorting an online psychotherapy practice and leaking sensitive information on more than 22,000 patients. In 2020, an attack against the Vastaamo Psychotherapy Center in Finland exposed the data of thousands of patients. After the incident, a hacker using the moniker “Ransom Man” demanded a six-figure ransom in exchange for not leaking patients’ private information.
An encrypted communications app popular with organized crime groups (OCGs) was taken down late last week by European police following a multi-year investigation. Exclu was used by an estimated 3000 users to hide their communications from law enforcement, according to Eurojust. A lengthy investigation began in June 2020 in Germany, with Dutch cybercrime experts brought in soon after. They apparently used their technical expertise to track users of the app for five months and subsequently dismantle the service. During an action day last week, 1200 police officers were deployed, two drug laboratories were dismantled, and €5.5m ($5.9m) in cash, 300,000 ecstasy tablets and 20 firearms were seized, alongside 200 phones that will be analyzed for further evidence.
The Clop ransomware gang is now also using a malware variant that explicitly targets Linux servers, but a flaw in its encryption scheme has allowed victims to quietly recover their files for free for months. This new Linux version of Clop was spotted in December 2022 by Antonis Terefos, a researcher at SentinelLabs, after the threat group used it together with the Windows variant in an attack against a university in Colombia. While very similar to the Windows version, as both use the same encryption method and almost identical process logic, there are still some differences, mainly limited to OS API calls and features not yet implemented in the Linux variant.
The LockBit ransomware operation has claimed the cyberattack on the UK’s leading mail delivery service, Royal Mail, which forced the company to halt its international shipping services due to “severe service disruption.” This comes after LockBitSupport, the ransomware gang’s public-facing representative, previously told BleepingComputer that the LockBit cybercrime group did not attack Royal Mail. Instead, they blamed the attack on other threat actors using the LockBit 3.0 ransomware builder that was leaked on Twitter in September 2022.
An encrypted messaging service that has been on law enforcement’s radar since a 2019 raid on an old NATO bunker has been shut down after a sweeping series of raids across Europe last week. In a search of 79 properties in Germany, the Netherlands, Belgium and Poland last Friday, authorities in those four countries arrested 48 people who were users, operators and administrators of the Exclu crypto communications service. Exclu, whose website is still operational and still appears to accept payments of €500 ($537/£446) or €900 ($966/£804) for three- and six-month licenses, respectively, was used extensively by organized criminals and drug gangs, Dutch police said.