Infosec In Brief

The FBI is investigating a breach of its systems which reportedly affected systems related to wiretapping and surveillance.
"The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond," a spokesperson told us via email last Friday. "We have nothing additional to provide."
The bureau's remarks follow an earlier CNN report that cited a source familiar with the investigation, who told the outlet that the intrusions involved the network the agency uses to manage wiretapping and foreign intelligence surveillance warrants.
And while the FBI declined to provide any additional information, it's worth noting that China's Salt Typhoon previously compromised wiretapping systems used by law enforcement.
Salt Typhoon is the PRC-backed crew that famously hacked major US telecommunications firms and stole information belonging to nearly every American.
According to the Associated Press, the FBI notified Congress that it began investigating the breach on February 17 after spotting abnormal log information related to a system on its network.
"The affected system is unclassified and contains law enforcement sensitive information, including returns from legal process, such as pen register and trap and trace surveillance returns, and personally identifiable information pertaining to subjects of FBI investigations," the notification said.
Europol-coordinated operations last week took down two major cybercrime platforms.
On March 4, Europol issued separate announcements revealing that its team had dismantled the Tycoon2FA phishing platform and the stolen-data marketplace LeakBase.
Tycoon2FA has been the world’s dominant phishing-as-a-service platform since commencing operations in 2023, according to an eSentire report last year.
At the time, the platform had around 2,000 active monthly subscribers, each paying $200-$300 per month for access to sophisticated, ready-made phishing kits for major platforms like Microsoft 365 and Google Workspace. Tycoon2FA's suite also included tooling to capture victims' session cookies, letting attackers replay an already-authenticated session and so bypass two-factor and multi-factor authentication.
In announcing the takedown, Europol said that by mid-2025, Tycoon2FA was the source of roughly 62 percent of all phishing attempts blocked by Microsoft.
"It enabled thousands of cybercriminals to covertly access email and cloud-based service accounts. At scale, the platform generated tens of millions of phishing emails each month and facilitated unauthorized access to nearly 100,000 organizations globally, including schools, hospitals, and public institutions."
LeakBase served as a haven for cybercriminals looking to get their hands on the types of data typically stolen by infostealer malware.
Europol described it as a "vast and continuously updated archive of breached databases."
The website had over 142,000 registered users as of December 2025. Authorities will now investigate them all.
Law enforcement officials carried out over 100 takedown actions across March 3-4, including unspecified "measures" against 37 of the site's most active users.
The following day, authorities seized the website's domain and dropped the usual splash page informing visitors of the situation – the technical side of the takedown.
LastPass last week warned users of a phishing campaign that faked internal email threads.
In a campaign beginning around March 1, the phishing emails were crafted to look like threads exchanged between internal users that had then been forwarded on to the target.
The emails mostly discussed unauthorized access to accounts but used different angles to trick users. Some were ostensibly highlighting LastPass vault exports, others tried to convince users that their accounts had been recovered elsewhere, and others acted as fake notifications of a new device registration.
"Attackers use display name spoofing so that the name portion of the sender field is manipulated to impersonate LastPass, while the actual sending email address is unrelated," the company said.
"The attacker relies on the fact that many email clients, especially mobile, show only the display name, hiding the real sender address unless you expand it."
Like many fine phisherfolk, the perps encouraged victims to act quickly or risk their security.
Clicking a link took them to an imitation LastPass SSO page, where the attackers would scoop up their credentials.
"Please remember that no one at LastPass will ever ask for your master password," the company advised. "Rest assured, we are working with our third-party partners to have these sites taken down as soon as possible."
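The display-name trick LastPass describes is cheap to catch at the mail gateway or in a triage script: parse the From header properly (RFC 2047 encoded words included), and flag any message whose display name invokes the brand while the actual address domain is not one the brand owns. The following is an added example written for this page, not LastPass tooling or code from the campaign; the brand string, the set of legitimate domains, and the three sample messages are assumptions constructed for illustration.

```python
"""Flag display-name impersonation in email From headers.

Added example, not code from the original article. The brand name, the
set of legitimate sending domains and the sample messages below are
constructed assumptions for illustration only.
"""
import re
from email import message_from_string, policy

# Assumption: the brand we are protecting and the domains it legitimately sends from.
BRAND = "lastpass"
LEGIT_DOMAINS = frozenset({"lastpass.com"})


def _normalize(name: str) -> str:
    """Lower-case and strip punctuation/whitespace so 'Last-Pass Security' still matches."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def _domain_is_legit(domain: str, legit_domains) -> bool:
    """Exact match or subdomain of a legitimate domain (e.g. mail.lastpass.com)."""
    domain = domain.lower()
    return any(domain == d or domain.endswith("." + d) for d in legit_domains)


def check_sender(raw_message: str, brand: str = BRAND, legit_domains=LEGIT_DOMAINS) -> list[str]:
    """Return a list of findings; an empty list means nothing suspicious was seen.

    Checks performed:
      * From display name contains the brand but the address domain is not the brand's.
      * Reply-To points at a domain that differs from every From address domain.
    """
    # policy.default decodes RFC 2047 encoded words and gives structured addresses.
    msg = message_from_string(raw_message, policy=policy.default)
    findings: list[str] = []

    from_hdr = msg["From"]
    if from_hdr is None or not from_hdr.addresses:
        return ["missing or unparsable From header"]

    from_domains = set()
    for addr in from_hdr.addresses:
        from_domains.add(addr.domain.lower())
        claims_brand = brand in _normalize(addr.display_name)
        if claims_brand and not _domain_is_legit(addr.domain, legit_domains):
            findings.append(
                f"display name {addr.display_name!r} impersonates {brand} "
                f"but the real sender is {addr.addr_spec}"
            )

    reply_to = msg["Reply-To"]
    if reply_to is not None:
        for addr in reply_to.addresses:
            if addr.domain.lower() not in from_domains:
                findings.append(f"Reply-To {addr.addr_spec} does not match From domain(s) {sorted(from_domains)}")

    return findings


# Constructed sample messages (not real campaign artifacts).
SPOOFED = """From: "LastPass Security" <alerts@notify-mail.example>
To: user@example.com
Subject: FW: Unauthorized access to your vault

Your vault was exported from a new device. Confirm now: https://sso.example.invalid/
"""

LEGIT = """From: LastPass <no-reply@lastpass.com>
To: user@example.com
Subject: Security notice

Nothing to see here.
"""

# Encoded-word display name plus a Reply-To on yet another domain.
ENCODED = """From: =?utf-8?q?LastPass_Support?= <support@account-recovery.example>
Reply-To: helpdesk@another.example
To: user@example.com
Subject: Your account was recovered

Act within 24 hours or lose access.
"""

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("legit", LEGIT), ("encoded", ENCODED)):
        print(label, check_sender(sample) or "clean")
```

Normalizing the display name before matching matters because attackers pad or punctuate brand names ("Last Pass", "LastPass-Security") to slip past naive string filters; the subdomain check keeps legitimate senders such as mail.lastpass.com from being flagged. The Reply-To comparison is a cheap second signal, since a lure that needs replies to land somewhere attacker-controlled often cannot keep that domain consistent with the spoofed From.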
Russian ransomware operator pleads guilty
A Russian national pleaded guilty in US federal court on Wednesday to wire fraud conspiracy for his role in the Phobos ransomware operation that extorted tens of millions of dollars from its victims across the globe.
Evgenii Ptitsyn, 43, administered the sale, distribution, and operation of the ransomware-as-a-service operation. According to the feds, Phobos affiliates victimized more than 1,000 public and private entities and extorted ransom payments worth more than $39 million.
Ptitsyn was arrested in South Korea in 2024 and extradited to the US that same year.
He now faces a maximum penalty of 20 years behind bars.
Last month, Polish police arrested and charged another suspected Phobos ransomware operator after finding artifacts on his devices that the investigators believe are linked to cybercrime.
Blockchain-watcher Chainalysis last week published research claiming that $154 billion worth of cryptocurrency flowed to sanctioned entities and illicit addresses in 2025, a 694 percent year-over-year increase.
$104 billion of that haul went to sanctioned entities, with the rest headed to "illicit addresses" – crypto accounts associated with crime or terrorist financing.
"The ruble-backed A7A5 stablecoin processed $93.3 billion in less than a year, acting as a critical bridge for Russian businesses to access global markets despite sanctions," Chainalysis found, while Iran and Venezuela also used digi-dollars to dodge international sanctions.
Source: The Register