ScamLens

Weekly Intelligence Digest

AI-generated weekly summary of global anti-fraud intelligence, delivered every Sunday. Stay informed on the latest scam busts, emerging threats, and policy changes.

Latest Digest

Week of: 2026-04-05 ~ 2026-04-12

50 articles

Executive Summary

This week saw unprecedented international law enforcement coordination against major cybercrime networks, with breakthroughs in cryptocurrency fraud and ransomware operations. The UK National Crime Agency led efforts identifying over 20,000 crypto fraud victims, while German authorities unmasked REvil ransomware leaders. Critical infrastructure remains under sustained attack, with hospital systems, utilities, and government networks targeted by state-sponsored and financially motivated threat actors.

Law Enforcement Actions

  • An international crackdown led by the UK National Crime Agency identified over 20,000 cryptocurrency fraud victims across Canada, the UK, and the US, representing a major coordinated multi-jurisdictional response to digital asset fraud networks.
  • German Federal Police (BKA) identified Russian nationals Daniil Shchukin and Anatoly Kravchuk as leaders of GandCrab and REvil ransomware operations (2019-2021), marking significant progress in dismantling major ransomware campaigns responsible for billions in extortion.
  • Thai military seized the Royal Hill casino compound, which operated fake Australian, Chinese, and Brazilian police stations used for international fraud operations. Additional asset seizures are underway, targeting a network linked to South African fugitive Benjamin Mauerberger.
  • International law enforcement disrupted the FrostArmada (APT28) campaign, which exploited MikroTik and TP-Link routers via DNS hijacking to steal Microsoft 365 credentials from 18,000+ networks across the US and EU.

Scam Warnings

  • FBI reports US victims lost record $21 billion to cyber-enabled crimes in past year, with investment scams, business email compromise, and tech support fraud as primary loss drivers. Cyber fraud represents 85% of all financial losses.
  • Thai authorities identified network of fake police impersonation operations targeting international victims through gaming platforms and social engineering. Organized criminal group operated sophisticated call center fraud infrastructure.
  • Latin American cybercriminals exploit compromised mobile devices for rapid account takeover and funds transfer schemes, moving through attack stages faster than financial institutions can respond in mobile-first markets.

Technical Threats & Breaches

  • Microsoft reports Storm-1175 deploys Medusa ransomware at high velocity, exploiting N-day and zero-day vulnerabilities to achieve data exfiltration and encryption within 24 hours. Russian APT28 (Forest Blizzard) targets SOHO routers for credential harvesting via malwareless DNS hijacking.
  • Snowflake customers hit by data theft attacks following breach of SaaS integration provider; attackers stole authentication tokens for unauthorized environment access. Smart Slider 3 Pro plugin update system compromised, distributing malicious versions with multiple backdoors to WordPress and Joomla platforms.
  • Drift Protocol (Solana) suffered $285 million loss from privileged access exploitation. Bitcoin Depot cyberattack resulted in $3.6 million theft via compromised settlement account credentials. Adobe Reader zero-day actively exploited via malicious PDFs since December.
  • Eurail suffered December data breach affecting 300,000+ individuals; attacker disclosed 1.3TB including source code, databases, and Zendesk tickets. Healthcare provider ChipSoft ransomware attack took systems offline, disrupting patient and provider services.

Policy & Regulatory

  • US Treasury Department announced cybersecurity information sharing initiative for digital asset firms, providing actionable threat intelligence at no cost. FCC proposes new robocall crackdown requiring enhanced customer verification and steeper provider penalties.
  • Kyrgyzstan emerged as de facto crypto corridor facilitating sanctioned Russian financial flows and connecting Central Asian trade with Chinese supply chains through cryptocurrency intermediation.

ScamLens Platform Update

  • The platform conducted 87 domain checks this week to identify suspicious and fraudulent infrastructure and welcomed 2 new users to the ScamLens community. Monitoring of emerging threats affecting subscribers across all regions continues.

Next Week Outlook

Watch for developments in Operation Atlantic's cryptocurrency asset recovery efforts and potential indictments of additional REvil actors. Monitor escalating Iranian nation-state targeting of US critical infrastructure and healthcare sector resilience responses.

Weekly digests are AI-generated summaries of publicly available news. ScamLens does not create original reporting. Always verify with primary sources.