Find notable cyber news and cases, enriched with sources, timelines, and signals.

Chinese-language money alliance reshapes ransomware ecosystem operations

Threat Actor Meta
First reported
Last updated
Happening score
H score 23
1 unique sources, 1 articles

Summary

Hide ▲

Trafficking-linked crypto payments are increasingly routed through Telegram-based CMLN services, scam compounds, and online casinos, expanding the scale and resilience of organized criminal monetization. The activity reached hundreds of millions of dollars last year and crypto inflows rose 85% annually. The ecosystem now spans escort services, labor placement agents, prostitution networks, and CSAM vendors, showing how multiple illicit lines of business can share payment infrastructure. One dark web site alone used 5,800 cryptocurrency addresses and generated more than $530,000 since July 2022.

Related Happenings

Treasury sanctions Prince Group-linked entities and FinCEN designates H-Pay Service

Regulatory/Legal Action
H score17 First: 24.06.2026 11:55 Last: 24.06.2026 11:55 Sources 1

About this happening: The **U.S. Treasury** imposed fresh sanctions on **nine individuals** and **26 entities** linked to **Prince Group**, while **FinCEN** designated **H-Pay Service PLC** as a **prim...

AudiA6 laundering ecosystem and Dark2Web forum

Threat Actor Meta
H score31 First: 11.06.2026 18:55 Last: 11.06.2026 18:55 Sources 1

About this happening: **AudiA6** was disrupted as an **industrial-scale cryptocurrency laundering service** used by **ransomware gangs** and other cybercriminal networks. Europol said the ecosystem lau...

Anonymous Fénix DDoS and volunteer-recruitment campaign

Campaign
H score29 First: 23.02.2026 23:59 Last: 23.02.2026 23:59 Sources 1

About this happening: **Anonymous Fénix** escalated its **DDoS** campaign by recruiting volunteers, increasing disruption risk for **government and public-institution domains** across **Spain** and par...

ZeroDayRAT Telegram spyware seller ecosystem with direct developer support

Threat Actor Meta
H score31 First: 10.02.2026 23:37 Last: 10.02.2026 23:37 Sources 1

About this happening: **ZeroDayRAT** is being sold as a **Telegram-based spyware service** with direct access to the developer through dedicated channels for **sales**, **customer support**, and **regu...

Global HYIP scam campaign using fake investment sites and social media

Campaign
H score47 First: 02.02.2026 17:34 Last: 02.02.2026 17:34 Sources 1

About this happening: A **global HYIP scam campaign** is using **4,200+ fake investment websites** and **social-media promotion** to solicit deposits, creating sustained fraud risk for investors and ma...

Timeline

  1. 16.02.2026 12:30 2 articles · 4mo ago

    Chainalysis reports Telegram-linked trafficking finance expansion

    Initial Disclosure

    Chainalysis said human trafficking operations made hundreds of millions of dollars last year as cryptocurrency inflows surged 85% annually, and linked the activity to South East Asia scam compounds, online casinos, and Chinese-language money laundering (CMLN) networks operating on Telegram. The analysis also described Telegram-based international escort services, labor placement agents supporting kidnapping and forced labor in scam compounds, prostitution networks, and CSAM vendors, and said one dark web site used 5,800 cryptocurrency addresses and generated more than $530,000 since July 2022.

    Show sources