Global Cybercrime Showdowns: From Arrests for Cryptocurrency Fraud to Louvre Security Vulnerabilities

We have compiled the most crucial cybersecurity news from the past week.

European law enforcement authorities have apprehended nine suspected members of a network that stole over €600 million from victims across various countries. This information was reported in a press release from Eurojust.

The scammers created fake investment platforms that resembled legitimate crypto services and promised “clients” high returns. Victims were lured through social media, phone calls, and advertisements. After transferring funds, users lost access to their cryptocurrency.

The operation took place on October 27 and 29 in Spain, Germany, and Cyprus. The arrested individuals face charges related to laundering money derived from fraudulent activities. During searches, authorities seized €800,000 from bank accounts, €415,000 in cryptocurrency, and €300,000 in cash.

On November 4, the U.S. Treasury announced sanctions against global financial institutions in North Korea and individuals associated with them.

They are accused of laundering proceeds from unlawful activities, including cybercrime and fraud. Authorities believe these funds directly finance programs for the development of weapons of mass destruction and ballistic missiles.

Included on the list are two North Korean bankers who assisted in managing funds, including approximately $5.3 million in cryptocurrency, through the Cheil Credit Bank. Additionally, OFAC imposed sanctions on foreign representatives of North Korean banks, including senior officials from Koryo Commercial Bank, Ryugyong Commercial Bank, Foreign Trade Bank, and the Central Bank of North Korea.

Some of them are linked to a group involved in ransomware programs that attacked American companies and laundered proceeds from IT workers abroad.

According to TRM Labs, the 53 crypto addresses added to the list collectively hold over $5.4 million. Most of the funds, primarily in USDT, were frozen during a large-scale crackdown conducted by Tether in April-May 2025.

Addresses associated with Cheil Bank show regular transactions resembling salary payments. They likely reflect the earnings of IT specialists working abroad under false identities. Between June 2023 and May 2025, Cheil-controlled wallets received over $12.7 million.

According to the U.S. Treasury, North Korea has stolen more than $3 billion in the last three years, mostly in cryptocurrency, using sophisticated cyberattacks. TRM Labs estimates that in 2025 alone, North Korean-linked hackers stole $2.7 billion, largely due to the record hack of Bybit exchange in February.

Hong Kong authorities have charged 16 individuals, including former lawyer and influencer Joseph Lam, in connection with the scandal involving the JPEX cryptocurrency exchange. This was reported by the South China Morning Post.

In April 2024, 72 people were arrested on suspicion of fraud related to the trading platform. JPEX managed a cryptocurrency trading platform without a license, misleading clients and positioning itself as a legitimate exchange.

According to the investigation, the platform’s management deceived over 2,700 investors out of 1.6 billion Hong Kong dollars (approximately $205.8 million).

Media reports suggest this is the largest financial fraud in Hong Kong’s history. Six defendants were key members of the JPEX team, while another seven, including Lam, were influencers or over-the-counter cryptocurrency operators. Interpol issued “red” notices for three fugitives who are believed to have played a central role in the scheme.

According to Europol, three fraudulent networks were dismantled during an international operation. Their activities centered on stealing funds from credit cards and laundering money, with the total amounting to around $344 million.

On November 4, investigators from nine countries conducted a joint operation. It targeted 44 suspects, including alleged network operators, payment service providers, intermediaries, and a risk manager. Eighteen people were arrested, including five executives from four German companies.

Investigators believe that from 2016 to 2021, the perpetrators used stolen data to create over 19 million fake subscriptions on adult websites, dating services, and streaming platforms. The charges on the cards were relatively small, around $58 per month, and accompanied by vague descriptions.

To conceal their operations, the scammers employed numerous shell companies, primarily registered in the UK and Cyprus, utilizing a Crime-as-a-Service infrastructure. As a result of their actions, over 4.3 million users in 193 countries were affected.

Following 29 searches conducted in Germany, assets exceeding $40 million were seized, including luxury cars, cryptocurrency, laptops, and mobile phones.

The cybersecurity measures at the Louvre were deemed inadequate, and significant system failures went unaddressed for years, likely exploited by the participants in a recent heist. This was revealed in an investigation by the French newspaper Libération.

The journalists assert that as early as 2014, specialists from the National Cybersecurity Agency identified vulnerabilities in the museum’s security.

During an audit, experts managed to penetrate the Louvre’s network using standard office computers. This allowed them to remotely damage the surveillance system and alter access rights on badges.

Weak passwords also facilitated the breach. Journalists learned that in 2014, accessing the server managing the surveillance system required the password “Louvre”.

In 2015, the museum organized a follow-up audit that lasted a year and a half. A report marked “confidential”, which journalists reviewed, was prepared in 2017. As in the previous audit, experts gave the museum’s security an unsatisfactory assessment. The Louvre’s management was advised to change passwords more frequently and not to neglect antivirus updates.

By examining technical documents submitted by the museum between 2019 and 2025, investigators highlighted that some issues remained unresolved after eight years. This concerns at least eight programs managing surveillance, access control, and servers. A document from 2021 also noted that the software Sathi operates on Windows Server 2003, for which Microsoft ended support in 2015.

According to Libération, at the beginning of 2025, the Paris police initiated a new security audit of the museum, specifically targeting its control centers. Neither the Louvre, the police prefecture, nor the French Ministry of Culture provided comments on the investigation.