Darknet Crypto Millions and the Ongoing Coinbase Controversy: Key Cybersecurity Developments This Week

Here’s a translation and unique paraphrasing of your provided text:

—

We have compiled the most significant cybersecurity news from the past week.

Law enforcement agencies across ten countries confiscated $200 million in both cash and cryptocurrency, as well as arrested 270 individuals suspected of being part of a major drug and arms trafficking network. This was reported by the U.S. Department of Justice.

Authorities seized over two tons of illegal drugs, including 144 kilograms of substances mixed with fentanyl and 180 firearms.

U.S. prosecutors have charged several prominent dealers, including operators of the dark web marketplaces Nemesis and Incognito Markets, which were using cryptocurrency for opioid sales and to conceal their earnings.

Security researchers at DomainTools identified more than 100 malicious Chrome browser extensions that mimic legitimate applications, particularly crypto utilities, YouTube, VPNs, and AI assistants.

The risks associated with installing these extensions include account takeover, personal data theft, and network activity monitoring. Ultimately, they provide hackers with a backdoor into the infected browsers, thus increasing the potential for exploitation.

Stolen session cookies can lead to unauthorized access to legitimate VPN devices or company accounts, granting attackers entry into corporate networks for larger-scale operations.

While Google has removed most of these extensions, some still remain available in the Chrome Web Store at the time of this writing.

U.S. intelligence agencies seized the control panel of the Lumma stealer, while their counterparts in Europe and Japan dismantled the malware’s infrastructure. Additionally, Microsoft secured a court order to block approximately 2,300 of its domains.

First recognized in late 2022, this threat spread via GitHub comments and deepfake generation websites. Subscription fees ranged from $250 to $1,000.

Once it infiltrated the system, Lumma was able to steal data from browsers and applications, including cryptocurrency wallets, cookies, credentials, passwords, and credit card information. The stealer features extensive evasion capabilities.

In a related effort, Europol disabled around 300 servers, neutralized 650 domains, and issued arrest warrants for 20 cybercriminals linked to malware such as Bumblebee, Lactrodectus, QakBot, DanaBot, TrickBot, and WARMCOOKIE. Over €21.2 million was confiscated, including €3.5 million in cryptocurrency.

Hackers who targeted a modified Signal client developed by TeleMessage intercepted messages from more than 60 high-ranking U.S. officials, according to Reuters.

Among those affected were firefighters, customs officials, members of the U.S. diplomatic corps, at least one White House employee, and a Secret Service member.

Media reports indicate that on May 4, the attackers breached TeleMessage’s server, which provides encrypted adaptations of popular messaging applications, enabling them to dump 410 GB of user messages in under 20 minutes.

The intruders also accessed internal communications from employees at the cryptocurrency exchange Coinbase. However, representatives of the platform stated that they did not utilize the messenger for sharing critical client data.

The organization DDoSecrets announced the release of access to a database for researchers and journalists, containing the correspondence and metadata of TeleMessage users.

The European Council added Stark Industries, a web hosting provider, along with its two executives—CEO Yuri Nekuliti and owner Ivan Nekuliti—to its sanctions list for facilitating cyberattacks benefiting Russia.

«They acted as facilitators for various actors sponsored by or associated with the Russian state, engaging in destabilizing activities, including interference in information manipulation and cyberattacks against the EU and third countries,» the statement noted.

Stark Industries is registered in the UK and provides VPS/VDS servers across the UK, Netherlands, Germany, France, Turkey, and the USA. The provider accepts payments in Bitcoin, Ethereum, Monero, and Dash, among other currencies.

Experts have linked various disinformation campaigns and DDoS attacks supporting Russia to Stark Industries’ servers and additional services provided by the Nekuliti brothers.

Sanctions were also imposed on the Federal State Unitary Enterprise «Main Radio Frequency Center,» part of Roskomnadzor, for its involvement in electronic warfare tactics, including jamming and GPS signal spoofing in the Baltic states, as well as creating disruptions in civil aviation operations.

Vietnam’s Ministry of Technology has accused the messaging app Telegram of failing to cooperate with law enforcement and has ordered it to be blocked in the country until June 2. This information was reported by Reuters.

Authorities state that 68% of the 9,600 channels and groups on the app in Vietnam violate the law, with allegations of spreading «toxic» information, posting anti-government material, and facilitating crimes including fraud and drug trafficking.

The announcement emphasized that Telegram has not registered its operations in the country, fails to remove prohibited content upon police request, and does not provide user data to the government in criminal investigations.

—

If you need further modifications or additional content, let me know!