Four European hackers arrested in Thailand for $16M Phobos ransomware scheme

Four European hackers have been arrested in a joint operation by Thai authorities, the Swiss government, and US agencies for allegedly orchestrating ransomware attacks that impacted over 1,000 victims worldwide, resulting in an estimated $16 million in damages.

The operation, dubbed "PHOBOS AETOR," was led by the Cyber Crime Investigation Bureau (CCIB) of the Royal Thai Police. The four suspects were apprehended in coordinated raids across four locations in Phuket. Authorities also seized over 40 items, including mobile phones, laptops, and digital wallets, which are believed to contain critical evidence of the cybercrime syndicate’s activities.

The suspects face charges of conspiracy to commit offenses against the United States and conspiracy to commit wire fraud. The alleged crimes include deploying Phobos ransomware between April 30, 2023, and October 26, 2024, against 17 Swiss companies. According to the charges, the group gained unauthorized access to company networks, stole sensitive data, and encrypted files, demanding cryptocurrency payments in exchange for decryption keys. If the ransoms were not paid, the hackers threatened to release the stolen data, a double-extortion tactic that compounds the victims' losses. The group also employed cryptocurrency mixing services to conceal the illicit transactions and make tracing their financial activities more difficult.

The US Justice Department has unsealed criminal charges against Russian nationals Roman Berezhnoy, 33, and Egor Nikolaevich Glebov, 39, for allegedly running a cybercrime group that used the Phobos ransomware from May 2019 to at least October 2024. The group targeted victims including hospitals, healthcare providers, and educational institutions, causing financial losses and disrupting access to data. Berezhnoy, Glebov, and others operated under names such as "8Base" and "Affiliate 2803," stealing and encrypting data from victim networks. In collaboration with Europol and German authorities, international law enforcement disrupted over 100 servers linked to the network. The two face multiple charges, with potential sentences of up to 20 years in prison on some counts.

In a separate case, Thai and Chinese police apprehended two Chinese nationals, Ye Wanyou, 29, and Li Weijie, 30, who are allegedly involved in a large-scale scam operation, local media reported. The suspects, who resisted arrest and attempted to delete data from their phones, were apprehended at a luxury residence. Authorities seized assets worth $44,550 during the operation. Further investigation led to the freezing of $2.5 million in Tether's USDT stablecoin, which was reportedly obtained through the scam. The two men were charged with public fraud.
