• FBI confirms 25 ransomware groups using First VPNs now seized ser

    From TechnologyDaily@1337:1/100 to All on Fri May 29 15:30:27 2026
    FBI confirms 25 ransomware groups using First VPN's now seized services, here's what we know

    Date:
    Fri, 29 May 2026 14:18:20 +0000

    Description:
    FBI links First VPN's activities to gangs involved in cybercrime and calls for tighter security controls and behavioural monitoring to prevent cyberattacks.

    FULL STORY
    ======================================================================
    - The FBI identified 25 hacking groups linked to First VPN's illegal activities
    - Avaddon Ransomware was included on the list
    - The FBI recommends stricter controls

    At least 25 ransomware groups were actively using First VPN Service IP addresses for criminal purposes at the time it was dismantled in a coordinated international operation led by European law enforcement forces, the Federal Bureau of Investigation (FBI) has confirmed.

    Last week, 33 servers belonging to the free VPN service were taken offline, and its European domain was seized as part of "Operation Saffron," jointly led by European law enforcement agencies Europol and Eurojust. In a report, the US intelligence agency detailed how First VPN facilitated cybercrime, with hackers using its service to carry out criminal web activity, including scams, botnets, and scanning. Among the 25 names listed is Avaddon Ransomware, a malware group that targeted various business sectors, notably striking the insurance giant AXA in 2021.

    Launched in December 2021 and culminating in May, the success of Operation Saffron proved that, thanks to the monumental efforts of law enforcement agencies to tackle illegal activities, we can continue to enjoy the real benefits of the privacy that the best VPNs can offer.

    Investigators managed to obtain the platform's user database and have already identified 506 specific users, with the data gathered already proving useful in 21 ongoing Europol cybercrime investigations, and we can only expect more to emerge soon.

    How cybercriminals used First VPN

    According to the FBI report, the VPN explicitly targeted cybercriminals by advertising directly in their circles on the dark web, including Russian-language online forums Exploit[.]in and XSS[.]is where cybercriminals trade stolen data and hacking tools.

    There, First VPN explicitly offered a secure environment for unlawful acts, offering no-log policies, global jurisdiction circumvention, and a refusal to cooperate with the authorities.

    Specifically, users could use cryptocurrencies to purchase subscription services offering varying degrees of digital anonymity for periods ranging from one day to one year. To maximise user anonymity, First VPN provided 32 services spread across 27 countries from which users could select up to four 'nodes'.

    The service even had its own technical support for criminals via Telegram and a self-hosted Jabber server.

    As the malicious infrastructure was hosted in the cloud or virtualised, the IP addresses used for the ransomware were randomly reassigned to legitimate services, making it harder for investigating authorities to trace the source of the criminal activity.

    By using techniques such as password spraying and brute force attacks, hackers guessed passwords to access their victims' environments, such as corporate desktops and apps, from where they were able to scan the networks to identify the devices, servers, and users connected to them.

    By routing their attacks through First VPN's available exit nodes, their attacks appeared to originate from a legitimate and trustworthy source.

    Cybercriminals also exploited the infrastructure to launch distributed denial-of-service (DDoS) attacks, flooding victims' networks with traffic to overwhelm the victim and render their systems inoperable, a technique often used to prevent the detection of a more serious attack in progress.

    How to be safe

    The FBI has published detailed recommendations for organisations, calling for the implementation of multi-layered security controls, combined network restrictions, identity-based protections, and behavioural monitoring to prevent ransomware attacks, data breaches, and unauthorised network access.

    It recommends blocking and monitoring First VPN's infrastructure, and continuously monitoring for unauthorized VPN connections or IP addresses associated with anonymisation services.

    Crucially, multi-factor authentication (MFA) should be implemented for all remote access services and cloud-based applications to limit authentication attempts originating from unknown areas or IP addresses.
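
    The monitoring described above can be sketched as a log review. This is an added example, not code from the FBI report or the article; the log format, the address ranges (RFC 5737 documentation ranges standing in for a real feed of anonymisation-service exits) and the thresholds are all assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed stand-ins (RFC 5737 documentation ranges) for a real feed of
# anonymisation-service exit ranges; replace with the indicators you receive.
ANONYMISER_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed auth log: timestamp, source IP, user, result, MFA used (yes/no)
SAMPLE_LOG = """\
2026-05-29T10:00:01 192.0.2.10 alice FAIL no
2026-05-29T10:00:09 192.0.2.10 bob FAIL no
2026-05-29T10:00:15 192.0.2.10 carol FAIL no
2026-05-29T10:00:21 192.0.2.10 dave FAIL no
2026-05-29T10:00:30 192.0.2.10 erin OK no
2026-05-29T10:05:00 203.0.113.7 alice FAIL no
2026-05-29T10:05:20 203.0.113.7 alice OK yes
2026-05-29T11:30:00 198.51.100.44 frank OK yes
"""

def parse(log):
    """Yield (time, ip, user, result, mfa_used) for each log line."""
    for line in log.splitlines():
        ts, ip, user, result, mfa = line.split()
        yield datetime.fromisoformat(ts), ipaddress.ip_address(ip), user, result, mfa == "yes"

def from_anonymiser(ip):
    return any(ip in net for net in ANONYMISER_NETS)

def review(log, min_users=4, window=timedelta(minutes=10)):
    """Return (spray_sources, flagged_logins) found in the log."""
    fails = defaultdict(list)   # source IP -> [(time, user)] of failed logins
    spray, flagged = set(), []
    for ts, ip, user, result, mfa in parse(log):
        if result == "FAIL":
            fails[ip].append((ts, user))
            recent = {u for t, u in fails[ip] if ts - t <= window}
            if len(recent) >= min_users:   # one source, many accounts: spraying
                spray.add(str(ip))
        elif from_anonymiser(ip):
            # Any success from an anonymiser range is worth a look; it is
            # high severity without MFA or when the source was just spraying.
            severity = "high" if (not mfa or str(ip) in spray) else "review"
            flagged.append((str(ip), user, severity))
    return sorted(spray), flagged

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```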



    ======================================================================
    Link to news story: https://www.techradar.com/vpn/vpn-privacy-security/fbi-confirms-25-ransomware-groups-using-first-vpns-now-seized-services-heres-what-we-know


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)