General | International | Krebs on Security

Happy 16th Birthday, KrebsOnSecurity.com!

Monday, December 29, 2025

What

The article provides a retrospective of KrebsOnSecurity's 2025 investigations and reports, emphasizing the disruption of entities facilitating global cybercrime. This included scrutinizing Stark Industries Solutions Ltd., a bulletproof hosting provider linked to Kremlin cyberattacks, and Cryptomus, a Canadian financial firm fined for gross anti-money laundering violations committed while serving Russian cybercrime services. Coverage also detailed the evolution of record-breaking botnets like Aisuru and Kimwolf, sophisticated voice and SMS phishing gangs, and the takedown of services like Funnull and Heartsender.

Where

Affected organizations and systems include Stark Industries Solutions Ltd., Cryptomus, LastPass, Apple, Google, Funnull, Heartsender, Synergy University, Cloudflare, and various U.S.-based cloud providers. Geographic context spans Russia, Ukraine, the European Union, Canada, the United States, Pakistan, and China.

When

The primary focus is 2025, with specific events noted: Stark Industries scrutiny (May 2024) and EU sanctions (May 2025); Cryptomus profile (Dec 2024) and Canadian fine (Oct 2025); LastPass master password findings (Sept 2023) and confirmation by U.S. federal agents (March 2025); Funnull research (Jan 2025) and U.S. sanctions (June 2025); Heartsender arrests (May 2025) following FBI/Dutch seizures; Pakistan e-commerce indictment (April 2025); academic cheating empire (Dec 2025); and the KrebsOnSecurity DDoS attack (June 2025) by Aisuru, which debuted in late 2024.

Key Factors

  • Despite EU sanctions, the proprietors of Stark Industries Solutions Ltd. demonstrated resilience by rebranding and transferring considerable network assets to other entities they control, highlighting the challenges in disrupting sophisticated cybercrime infrastructure.
  • Cryptomus, a Canadian-registered financial firm, was levied a record $176 million fine by Canadian financial regulators in October 2025 for grossly violating anti-money laundering laws, having served as a primary payment processor for dozens of Russian cryptocurrency exchanges and cybercrime services.
  • The Aisuru botnet, which debuted in late 2024, rapidly escalated its capabilities in 2025, being responsible for record-breaking distributed denial-of-service (DDoS) attacks against targets like KrebsOnSecurity and Cloudflare, before shifting its focus to renting hundreds of thousands of infected IoT devices for proxy services.
  • Sophisticated phishing operations, including voice phishing gangs and China-based SMS phishing kit vendors, routinely abused legitimate services from companies like Apple and Google to force outbound communications and facilitate the conversion of phished payment card data into mobile wallets.

Takeaways

  • Cybercrime services and their enablers are highly adaptable, often rebranding or shifting assets to evade sanctions and law enforcement efforts, necessitating continuous monitoring and evolving countermeasures.
  • The global nature of cybercrime requires robust international cooperation, as demonstrated by the coordinated efforts to sanction entities, seize servers, and make arrests across multiple countries.
  • Financial institutions, especially those handling cryptocurrency, must implement stringent anti-money laundering (AML) controls to prevent their platforms from being exploited by cybercriminals for illicit financial activities.
  • The increasing scale and sophistication of botnets like Aisuru and Kimwolf, and persistent phishing campaigns, underscore the critical need for organizations and individuals to adopt strong security practices, including multi-factor authentication and vigilance against social engineering.