SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Cybercrime crackdown disrupts malware, exposes AI attack risks

Tue, 18th Nov 2025

Law enforcement agencies and cybersecurity companies have stepped up action against cybercrime, with several recent operations targeting malware networks and software supply chain attacks. Authorities including Europol and the FBI, working with private-sector partners such as CrowdStrike, disrupted infrastructure behind major global malware campaigns. At the same time, the use of artificial intelligence in cyber-attacks and a run of supply chain breaches remain growing concerns for enterprises worldwide.

Malware network takedown

Operation Endgame 3.0 dismantled the infrastructure behind three prolific cybercriminal networks: the Rhadamanthys infostealer, the VenomRAT trojan and the Elysium botnet. Between them, these networks were responsible for malware infections affecting hundreds of thousands of victims; Rhadamanthys alone has been linked to stolen access to more than 100,000 cryptocurrency wallets, representing potential losses in the millions.

"Operation Endgame 3.0 shows what's possible when law enforcement and the private sector work together. Disrupting the front end of the ransomware kill chain - the initial-access brokers, loaders, and infostealers - instead of just the operators themselves has a ripple effect through the eCrime ecosystem. By targeting the infrastructure that fuels ransomware, this operation struck the ransomware economy at its source. But disruption isn't eradication. Defenders should use this window to harden their environments, close visibility gaps, and hunt for the next wave of tools these adversaries will deploy. Continued intelligence sharing between governments and private-sector partners like CrowdStrike will be key to maintaining this momentum and driving a lasting impact," said Adam Meyers, Head of Counter Adversary Operations, CrowdStrike.

AI-driven cyberattacks

Concern is growing about the use of artificial intelligence in cybercrime. According to a recent report, state-affiliated hackers have used AI capabilities to automate stages of their attacks, including social engineering and system exploitation, making such activity harder to detect and defend against.

"This incident is a wake-up call for anyone deploying agentic AI. The same AI that we all love because it can research potential customers and help us write personalized emails can just as easily be used to socially engineer private information. And the same AI that finds and fixes security issues is now donning its black hat and hacking those same companies. The autonomy that makes these systems efficient is exactly what makes them vulnerable.

We can't unscramble these eggs, but we can guard against them. Enterprises need full transparency into autonomous behavior. If you can't see what an AI system is doing, you can't secure it. Trust only comes when every action is visible, verifiable, and governed. In the age of agentic AI, trust is the only business currency that matters," said David Colwell, Vice President of AI and Machine Learning, Tricentis.

Expense fraud evolution

Generative AI has also elevated expense fraud, making fake receipts indistinguishable from legitimate documentation. Research shows that 74% of finance leaders in the UK now worry about employees using AI to generate fraudulent claims, but a quarter remain unconcerned, potentially underestimating the threat.

"International Fraud Awareness Week is an opportunity to highlight just how real the risk of AI-powered expense fraud is, with AI-generated receipts now so realistic that they can outsmart the human eye. Yet the real, but overlooked, problem is that finance teams are looking in the wrong place to validate them. A receipt, real or fake, is only ever a reflection of a payment. A receipt can be fabricated, but a payment can't. So, the real 'source of truth' lies in the payment trail, not in tell-tale signs of AI generation, which are now near impossible to spot. If every company expense were linked to a traceable, digital payment, the opportunity for falsification would virtually disappear. Businesses must move beyond outdated processes that rely on manual checks and retrospective policing. Expense management needs to shift from a reactive to a proactive approach, built on real-time verification and transparent, auditable digital spend. Generative AI will continue to evolve, and so must financial systems. It's time we stop trying to outsmart fake paper and start modernising how money moves," said Carlo Gualandri, Chief Executive Officer, Soldo.

Supply chain risks

Recent supply chain breaches highlight persistent weaknesses in trusted enterprise software. A data breach at Logitech followed a wave of attacks on customers of Oracle's E-Business Suite, attributed to the Cl0p extortion group exploiting previously unknown (zero-day) vulnerabilities in the platform. More than 50 organisations were affected, underscoring the growing practice of using a single third-party platform as the entry point into many downstream networks at once.

"As we head into the fifth anniversary of the SolarWinds attack, this Logitech breach underscores again the systemic risk created by zero-day exploitation within trusted enterprise platforms. The Cl0p extortion campaign targeting Oracle E-Business Suite customers is not an isolated criminal act; it reflects the broader evolution of cyber insurgency against Western supply chains. When over 50 major organizations are impacted through the same vector, we are witnessing a campaign of island hopping, where adversaries infiltrate a third-party platform to traverse into corporate networks at scale. This incident highlights the escalating threat posed by financially motivated groups with nation-state tradecraft, such as the cluster linked to FIN11. These actors are weaponizing supply chain dependencies to exfiltrate sensitive corporate data without disrupting operations, making detection far more difficult.

Enterprises must dramatically enhance third-party risk management and expand continuous monitoring of interconnected systems. Zero-day exploitation campaigns of this magnitude demonstrate that defending your own perimeter is no longer enough. Organisations must assume their software providers are targets, harden identity controls, and increase threat hunting across all integrated platforms to suppress these campaigns before they metastasize," said Tom Kellermann, Vice President of Cyber Risk, HITRUST.

"The Oracle E-Business Suite zero-day campaign (CVE-2025-61882) is one of the most technically advanced operations we have seen from the Cl0p extortion group this year. It reinforces that Cl0p has matured into a threat actor capable of conducting its own vulnerability research and weaponizing flaws before defenders even know they exist. The group recently published a list of alleged victims on its TOR site, although several organizations have not yet confirmed compromise. This activity highlights a broader and recurring pattern. Cl0p continues to find and exploit systemic weaknesses in enterprise software supply chains, and they are accelerating. Organisations do not have to wait to become the next name on a leak site. These attack paths can be simulated and the security gaps addressed before an intrusion occurs. Now is the time to run these scenarios and close the exposures that groups like Cl0p rely on," said Adrian Culley, Senior Sales Engineer, SafeBreach.
