CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Takedown of fraudulent CSAM distribution scam platform "Alice with Violence CP"

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

An international Europol-backed law enforcement operation, codenamed Operation Alice, dismantled the fraudulent dark web platform "Alice with Violence CP" and over 373,000 related sites advertising fake child sexual abuse material (CSAM) and cybercrime-as-a-service (CaaS) offerings. The takedown ran from March 9–19, 2026, and involved 22 countries, including Germany, the US, UK, and Ukraine. The platform, operated by a 35-year-old Chinese national, defrauded approximately 10,000 victims into paying between €17 and €215 in Bitcoin, extracting an estimated €345,000 ($396,000) over a six-year period (2019–2025). The scam advertised both non-existent CSAM packages and CaaS services such as stolen card data and access to compromised systems. Authorities identified 440 users in 23 countries, with over 100 under investigation for attempted CSAM purchase. Seized infrastructure included 287 servers, 105 of which were located in Germany. An international arrest warrant has been issued for the operator. The operation follows other major takedowns, including the 2024 Kidflix CSAM platform disruption, highlighting continued cross-border efforts against online child exploitation.

Timeline

  1. 20.03.2026 19:19 2 articles · 3d ago

    Operation Alice dismantles fraudulent CSAM scam platform and identifies 440 users

    The Europol-backed Operation Alice ran from March 9–19, 2026, across 22 countries and dismantled the fraudulent dark web platform "Alice with Violence CP" along with over 373,000 related dark web sites advertising fake CSAM and cybercrime-as-a-service (CaaS) offerings, including stolen card data and access to compromised systems. The platform, operated by a 35-year-old Chinese national since 2019, defrauded approximately 10,000 victims into paying between €17 and €215 in Bitcoin, extracting an estimated €345,000 ($396,000) from 2020 to 2025. Authorities identified 440 users in 23 countries, with over 100 under investigation for attempted purchase of CSAM. The operation led to the seizure of 287 servers, including 105 in Germany, and the issuance of an international arrest warrant for the operator. A Bavarian case from August 2023 is highlighted, where a 31-year-old father was convicted after attempting to purchase €20 of CSAM.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Global Law Enforcement Disrupts 'The Com' Cybercrime Collective

A coordinated international operation, Project Compass, has arrested 30 members of 'The Com,' a cybercrime group linked to ransomware attacks, extortion, violent activities, and the production of child sexual exploitation material (CSAM). The group, primarily composed of young individuals, has targeted high-profile entities and engaged in phishing, vishing, and SIM swapping. Project Compass, led by Europol's European Counter Terrorism Centre, involves multiple countries and aims to disrupt the group's operations and safeguard victims. The Com has been connected to Russian cybercriminal gangs and has expanded its activities to include physical violence, extremist links, and the exploitation of minors. The group operates with a decentralized structure, making it particularly difficult to disrupt. Europol splits The Com into three distinct groups of activity: cyber activity, offline activity, and extortion/sextortion activity.

Open in new tab

Global Law Enforcement Disrupts Black Axe Cybercrime Operations

A coordinated international law enforcement operation led by Europol has resulted in the arrest of 34 individuals associated with the Black Axe cybercrime gang. The operation, conducted with the support of the Spanish National Police and the Bavarian State Criminal Police Office, targeted key members of the group across Spain. The arrests and seizures have caused significant disruptions to Black Axe's operations, which include business email compromise (BEC) attacks, romance scams, phishing campaigns, and other forms of online fraud. The group is believed to generate billions annually, with the Spanish branch alone responsible for nearly €5.93 million in damages. Black Axe is a hierarchical criminal group that originated in Nigeria in 1977 and has spread to dozens of countries across the world, with about 30,000 registered members and other affiliates such as money mules and facilitators. The group specialized in man-in-the-middle (MITM) scams, including business email compromise (BEC). The damages caused by the cybercriminals in the last 15 years exceed $6 million, with $3.5 million linked to this operation. Four main suspects have been put into pretrial detention facing charges of aggravated continuous fraud, membership in a criminal organization, money laundering, document forgery, and obstruction of justice. The investigation is ongoing, and more arrests may follow.

Open in new tab

Large-scale Africa-wide cybercrime crackdown arrests over 1,200 suspects

Operation Serengeti 2.0, an INTERPOL-led international operation, resulted in the arrest of 1,209 cybercriminals across Africa. The operation targeted cross-border cybercrime gangs involved in ransomware, online scams, and business email compromise (BEC). The operation, conducted from June to August 2025, involved law enforcement from 18 African countries and the UK. Authorities seized $97.4 million and dismantled 11,432 malicious infrastructures linked to attacks on 88,000 victims worldwide. Following this, Operation Sentinel, conducted between October 27 and November 27, 2025, led to the arrest of 574 individuals and the recovery of $3 million linked to business email compromise, extortion, and ransomware incidents. The operation took down more than 6,000 malicious links and decrypted six distinct ransomware variants. The cybercrime cases investigated are connected to more than $21 million in financial losses. Most recently, Operation Red Card 2.0, conducted between December 8, 2025, and January 30, 2026, resulted in the arrest of 651 suspects and the recovery of over $4.3 million. The operation targeted investment fraud, mobile money scams, and fake loan applications, identifying 1,247 victims and seizing 2,341 devices and 1,442 malicious websites, domains, and servers. The operation involved law enforcement agencies from 16 African countries: Angola, Benin, Cameroon, Côte d'Ivoire, Chad, Gabon, Gambia, Ghana, Kenya, Namibia, Nigeria, Rwanda, Senegal, Uganda, Zambia, and Zimbabwe. The operations were supported by data from private sector partners, including Cybercrime Atlas, Fortinet, Group-IB, Kaspersky, The Shadowserver Foundation, Team Cymru, Trend Micro, TRM Labs, and Uppsala Security. Cybercrime now accounts for 30% of all reported crime in Western and Eastern Africa and is increasing rapidly elsewhere on the continent. Interpol's 2025 Africa Cyberthreat Assessment Report noted that two-thirds of African member countries claim cyber-related offenses now account for a 'medium-to-high' (i.e., 10-30% or 30%+) share of all crimes. Interpol director of cybercrime, Neal Jetton, warned that the scale and sophistication of cyber-attacks across Africa are accelerating, especially against critical sectors like finance and energy. Additionally, Operation Synergia III, conducted between July 2025 and January 2026, involved authorities from 72 countries. The operation resulted in 94 arrests and 110 suspects under investigation. Police in Togo arrested 10 suspects operating a fraud ring involving social media hacking, romance scams, and sextortion. Bangladeshi police arrested 40 suspects and seized 134 electronic devices related to loan scams, job scams, identity theft, and credit card fraud. Chinese investigators in Macau identified over 33,000 phishing and fraudulent websites impersonating casinos, banks, government sites, and payment services.

Open in new tab