1VPNS takedown in Operation Saffron
Law Enforcement
Summary
Hide ▲
Show ▼
French and Dutch authorities took down 1VPNS, seized 33 servers, and arrested its administrator in Operation Saffron, disrupting a VPN service used by ransomware and fraud actors.
Related Happenings
OFAC sanctions First VPN Service and two individuals
Regulatory/Legal Action
H score27
First: 14.07.2026 11:02
Last: 14.07.2026 11:02
Sources 1
How related:
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against U.S. organizations.
About this happening:
**OFAC** sanctioned **First VPN Service (1VPNS)**, **Dmytro Rashevskyi**, and **Yegeniy Vladimirovich Silayev** for enabling **ransomware** attacks and helping malicious software...
OFAC sanctions First VPN Service and two individuals
Regulatory/Legal ActionHow related: The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against U.S. organizations.
About this happening: **OFAC** sanctioned **First VPN Service (1VPNS)**, **Dmytro Rashevskyi**, and **Yegeniy Vladimirovich Silayev** for enabling **ransomware** attacks and helping malicious software...
First VPN Service as criminal VPN infrastructure for ransomware and fraud operators
Threat Actor Meta
H score18
First: 22.05.2026 20:35
Last: 22.05.2026 20:35
Sources 1
How related:
Since it surfaced in 2014, 1VPNS has advertised on cybercriminal forums that it keeps no logs of user activity or identities and would not cooperate with law enforcement.
About this happening:
**First VPN Service** functioned as a criminal VPN layer that let ransomware, fraud, and data theft operators hide their identities, expanding the reach and resilience of undergro...
First VPN Service as criminal VPN infrastructure for ransomware and fraud operators
Threat Actor MetaHow related: Since it surfaced in 2014, 1VPNS has advertised on cybercriminal forums that it keeps no logs of user activity or identities and would not cooperate with law enforcement.
About this happening: **First VPN Service** functioned as a criminal VPN layer that let ransomware, fraud, and data theft operators hide their identities, expanding the reach and resilience of undergro...
Latest development: 14.07.2026 11:02
The U.S. Treasury Department’s OFAC sanctioned First VPN Service (1VPNS), Ukrainian administrator Dmytro Rashevskyi, and Belarusian national Yegeniy Vladimirovich Silayev for supporting ransomware actors; Treasury said First VPN Service was used to hide attack origins, deploy malware, and manage exfiltrated data, and that victims included U.S. businesses, financial services companies, hospitals, and municipal governments.
First VPN had assets seized in First VPN takedown
Law Enforcement
H score17
First: 21.05.2026 18:30
Last: 21.05.2026 18:30
Sources 1
About this happening:
Authorities **took down First VPN**, a **ransomware**-linked service used to hide cybercrime activity, in a coordinated action led by **France and the Netherlands**. The operation...
First VPN had assets seized in First VPN takedown
Law EnforcementAbout this happening: Authorities **took down First VPN**, a **ransomware**-linked service used to hide cybercrime activity, in a coordinated action led by **France and the Netherlands**. The operation...
DOJ and Europol takedown of SocksEscort proxy network
Law Enforcement
H score19
First: 12.03.2026 18:19
Last: 12.03.2026 18:19
Sources 1
About this happening:
U.S. and European law enforcement **took down** **SocksEscort**, a long-running cybercrime proxy network that routed traffic through compromised edge devices. The action **seized...
DOJ and Europol takedown of SocksEscort proxy network
Law EnforcementAbout this happening: U.S. and European law enforcement **took down** **SocksEscort**, a long-running cybercrime proxy network that routed traffic through compromised edge devices. The action **seized...
RedVDS and Storm-2470 cybercrime-as-a-service platform scaling disposable Windows cloud servers
Threat Actor Meta
H score81
First: 15.01.2026 09:11
Last: 15.01.2026 09:11
Sources 1
About this happening:
The **RedVDS** cybercrime-as-a-service platform has been identified as a long-running underground service that let multiple criminal groups rent disposable **Windows cloud servers...
RedVDS and Storm-2470 cybercrime-as-a-service platform scaling disposable Windows cloud servers
Threat Actor MetaAbout this happening: The **RedVDS** cybercrime-as-a-service platform has been identified as a long-running underground service that let multiple criminal groups rent disposable **Windows cloud servers...
Timeline
-
14.07.2026 12:40 2 articles · 1h ago
1VPNS takedown in Operation Saffron
Initial DisclosureInvestigators began building the case in **December 2021** by infiltrating the **1VPNS** infrastructure and collecting its user database. That early access later supported the takedown, server seizures, and arrest carried out in **Operation Saffron**.
Show sources
- US sanctions VPN, malware providers for enabling ransomware attacks — www.bleepingcomputer.com — 14.07.2026 12:40
- US sanctions VPN, malware providers for enabling ransomware attacks — www.bleepingcomputer.com — 14.07.2026 12:40