Cyber Crackdown: From Cryptocurrency Scams to Louvre Security Failures

We have compiled the most significant cybersecurity news from the past week.

European law enforcement agencies have detained nine alleged members of a network that stole over 600 million euros from victims across various countries. This information was released in a press release from Eurojust.

The scammers set up fake investment platforms that closely resembled legitimate crypto services, promising "clients" high returns. They attracted victims through social media, phone calls, and advertisements. After funds were transferred, users lost access to their cryptocurrency.

The operation took place on October 27 and 29 in Spain, Germany, and Cyprus. The arrested individuals face charges related to money laundering from fraudulent activities. During searches, 800,000 euros in bank accounts, 415,000 euros in cryptocurrency, and 300,000 euros in cash were seized.

On November 4, the U.S. Department of the Treasury announced sanctions against global financial institutions linked to North Korea and individuals associated with them.

They were accused of laundering proceeds from illegal activities, including cybercrime and fraud. Authorities believe these funds directly support weapons of mass destruction programs and ballistic missile production.

The list includes two North Korean bankers who helped manage funds, including approximately $5.3 million in cryptocurrency, through Cheil Credit Bank. Additionally, OFAC has placed sanctions on foreign representatives of North Korean banks, including senior officials from Koryo Commercial Bank, Ryugyong Commercial Bank, Foreign Trade Bank, and the Central Bank of North Korea.

Some of them are linked to a group that carried out ransomware attacks on American companies and laundered earnings from IT workers abroad.

According to TRM Labs, the 53 cryptocurrency addresses on the list collectively hold over $5.4 million. Most of the funds in USDT were frozen during a large-scale crackdown by Tether in April-May 2025.

Addresses associated with Cheil Bank exhibit regular transactions resembling salary transfers. They likely represent the earnings of IT specialists working abroad under fictitious names. Between June 2023 and May 2025, wallets controlled by Cheil received over $12.7 million.

According to the U.S. Treasury, North Korea has stolen over $3 billion in the past three years, primarily in cryptocurrency, using sophisticated cyberattacks. TRM Labs estimates that in 2025 alone, North Korean-linked hackers stole $2.7 billion, largely due to a record hack of the Bybit exchange in February.

Authorities in Hong Kong have charged 16 individuals, including former lawyer and influencer Joseph Lam, in connection with the scandal surrounding the JPEX cryptocurrency exchange. This was reported by South China Morning Post.

In April 2024, 72 individuals were arrested on suspicion of fraud related to the trading platform. JPEX operated a crypto trading platform without a license, misleading clients and presenting itself as a legitimate exchange.

Investigators allege that the platform’s management defrauded over 2,700 investors out of 1.6 billion Hong Kong dollars (~$205.8 million).

According to the media, this is the largest financial fraud in Hong Kong’s history. Six of the suspects were key members of the JPEX team, while another seven, including Lam, were influencers or operators of over-the-counter cryptocurrency trades. Interpol issued "red" notices for three fugitives. According to investigators, they played a central role in the scheme.

As reported by Europol, three fraudulent networks were dismantled during an international operation. The networks were engaged in credit card theft and money laundering totaling approximately $344 million.

On November 4, investigators from nine countries conducted a joint operation. The focus was on 44 suspects, including alleged network operators, payment service providers, intermediaries, and a risk manager. A total of 18 individuals were detained, including five executives from four German companies.

Investigators believe that between 2016 and 2021, the criminals used stolen data to create over 19 million fake subscriptions to pornographic websites, dating services, and streaming platforms. The charges on the cards were relatively small (about $58 per month) and accompanied by vague descriptions.

To conceal their operations, the scammers utilized numerous shell companies, primarily registered in the UK and Cyprus, leveraging a Crime-as-a-Service infrastructure. As a result of the criminals’ actions, more than 4.3 million users in 193 countries were affected.

Following 29 searches in Germany, assets valued at over $40 million were seized, including luxury vehicles, cryptocurrency, laptops, and mobile phones.

The Louvre’s cybersecurity was deemed inadequate, with significant system failures left unfixed for years, likely exploited by participants in a recent robbery. This is noted in an investigation by the French newspaper Libération.

Journalists claim that as early as 2014, specialists from the National Cybersecurity Agency identified vulnerabilities in the museum’s security.

During an audit, experts managed to penetrate the Louvre’s network using simple office computers. This allowed them to remotely damage the surveillance system and alter access rights on passes.

The hackers also benefited from weak passwords in security systems. Journalists found that, in 2014, to access the server controlling the surveillance, one needed to enter the password "Louvre".

In 2015, the museum organized a second audit, which lasted a year and a half. A report marked "confidential," which journalists reviewed, was prepared in 2017. Like the previous one, experts gave the museum’s security an unsatisfactory rating. The Louvre’s management was advised to change passwords more frequently and not to neglect antivirus updates.

By examining technical documents provided by the museum between 2019 and 2025, investigators highlighted that some issues remained unresolved for eight years. This pertains to at least eight programs managing video surveillance, access control, and servers. A 2021 document also noted that the Sathi software operated on the Windows Server 2003 operating system, for which Microsoft ceased support in 2015.

According to Libération, in early 2025, the Paris police began a new security audit of the museum, especially its control centers. Neither the Louvre, nor the police prefecture, nor the French Ministry of Culture commented on the investigation.