Find notable cyber news and cases, enriched with sources, timelines, and signals.

TA551 campaign expands across multiple victims

Campaign
First reported
Last updated
Happening score
H score 45
2 unique sources, 2 articles

Summary

Hide ▲

The TA551 / Mario Kart operation ran a massive spam-email malware campaign that spread infections worldwide and enabled later access sales to ransomware crews. At peak, it could send 700,000 emails a day and infect about 3,000 computers per day. The scale of the botnet made it a durable delivery channel for follow-on criminal activity.

Related Happenings

FBI seizes NetNut and Popa botnet domains

Law Enforcement
H score34 First: 02.07.2026 22:27 Last: 02.07.2026 22:27 Sources 1

About this happening: The **FBI** seized **hundreds of domains** tied to **NetNut** and the **Popa botnet**, disrupting infrastructure used for **abusive traffic** and **account-takeover activity**. Th...

OYSTERBLUES information-stealer delivery via spear-phishing

Malware Activity
H score27 First: 27.06.2026 20:27 Last: 27.06.2026 20:27 Sources 1

About this happening: The **OYSTERBLUES** malware activity used **compromised accounts** and **spear-phishing** to reach **government organizations**, increasing the risk of credential theft and follow...

Foreign-run botnets relaying traffic through infected Canadian devices

Malware Activity
H score22 First: 22.06.2026 12:11 Last: 22.06.2026 12:11 Sources 1

About this happening: The public ruling confirms **two foreign-run botnets** used **infected Canadian devices** as traffic relays, a setup that can conceal probing of **critical infrastructure, governm...

Popa botnet forcing consumer TV boxes to relay traffic

Malware Activity
H score76 First: 18.06.2026 20:37 Last: 18.06.2026 20:37 Sources 1

About this happening: **Popa** is an **Android-based botnet** that turns **consumer TV boxes** and related devices into relay infrastructure, maintaining encrypted connectivity and opening tunnels on d...

Latest development: 03.07.2026 12:35

Google disabled NetNut accounts used for malware command-and-control, updated Google Play Protect to warn Android users, and disabled apps containing compromised SDKs while FBI legal actions and domain seizures targeted NetNut infrastructure. The coordinated disruption was described as degrading NetNut’s proxy network and shrinking the pool of devices available to the operator.

Outsider Enterprise-Outsider-Chinese cybercrime alliance reshapes ransomware ecosystem operations

Threat Actor Meta
H score69 First: 12.06.2026 21:59 Last: 12.06.2026 21:59 Sources 1

About this happening: The **Outsider Enterprise** is a **Chinese phishing-as-a-service** operation that used **Telegram**, **AI**, and distributed phishing kits to run large-scale brand-impersonation c...

Timeline

  1. 25.03.2026 10:47 2 articles · 3mo ago

    TA551/Mario Kart sentencing disclosure

    Initial Disclosure

    Russian national Ilya Angelov was sentenced to two years in prison after admitting he co-managed the Mario Kart/TA551 spam botnet, which prosecutors said ran from 2017 to 2021, sent up to 700,000 phishing emails a day, and helped deliver BitPaymer ransomware against over 70 U.S. companies, generating over $14 million in extortion payments.

    Show sources