Happy 16th Birthday, KrebsOnSecurity.com!

KrebsOnSecurity.com proudly marks its 16th anniversary today, a milestone built on a foundation of relentless investigation and unwavering commitment to exposing the dark corners of the cyber world. This past year, 2025, has been a testament to the power of bringing perpetrators to justice, with a significant focus on the entities that have so brazenly facilitated complex, globe-spanning cybercrime operations. We extend a profound and heartfelt thank you to our dedicated readership – the newcomers, the seasoned followers, and even our most vocal critics. Your engagement has been an invaluable source of encouragement, a true balm during moments of challenge, and a driving force behind our impactful work.

Our journey through 2025 has been marked by a series of critical exposés that have resonated across the cybersecurity landscape. In May 2024, KrebsOnSecurity delved deep into the shadowy history and opaque ownership of Stark Industries Solutions Ltd. This "bulletproof hosting" provider, which emerged just weeks before the invasion of Ukraine, became a crucial staging ground for relentless Kremlin-sponsored cyberattacks and insidious disinformation campaigns. A year later, the European Union recognized the threat and sanctioned Stark and its two principal owners. However, our subsequent investigations revealed a disheartening reality: these penalties had done little to deter the proprietors. They had skillfully rebranded and artfully transferred substantial network assets to other entities under their control, demonstrating a chilling resilience in their illicit operations.

December 2024 saw KrebsOnSecurity shining a spotlight on Cryptomus, a Canadian-registered financial firm that had rapidly ascended to become the payment processor of choice for a multitude of Russian cryptocurrency exchanges and websites peddling cybercrime services specifically tailored for Russian-speaking clientele. The implications of this financial artery for illicit activities were significant. The repercussions were swift and decisive. In October 2025, Canadian financial regulators, recognizing the gross violations of anti-money laundering laws, imposed a record-breaking $176 million fine against the platform, a significant blow to its operations and a victory for financial integrity.

Happy 16th Birthday, KrebsOnSecurity.com!

The reverberations of the 2022 LastPass breach continued to be felt throughout 2025. In September 2023, KrebsOnSecurity published crucial findings from researchers who meticulously pieced together a series of multi-million dollar cyberheists. Their conclusion was stark: these sophisticated attacks, targeting dozens of victims, were the direct result of cybercriminals cracking master passwords that had been pilfered from the LastPass password manager service. The gravity of this breach was further underscored in March 2025, when U.S. federal agents investigating a spectacular $150 million cryptocurrency heist confirmed their parallel conclusion in a court filing, directly linking the audacious theft to the 2022 LastPass hacks.

Phishing, in its myriad and increasingly sophisticated forms, emerged as a dominant theme in our 2025 coverage. We provided unprecedented glimpses into the day-to-day operations of several voice phishing gangs, whose elaborate, convincing, and devastatingly effective cryptocurrency thefts routinely left victims financially ruined. Our in-depth piece, "A Day in the Life of a Prolific Voice Phishing Crew," meticulously detailed how one such cybercrime syndicate artfully abused legitimate services offered by tech giants like Apple and Google. This abuse enabled them to force a variety of outbound communications to their unsuspecting users, including deceptive emails, automated phone calls, and critical system-level messages sent to all logged-in devices, creating a pervasive and inescapable trap.

The relentless tide of SMS phishing, or "smishing," originating from China-based phishing kit vendors, was dissected in nearly half a dozen comprehensive reports throughout 2025. These vendors have democratized cybercrime, making it remarkably easy for their customers to convert phished payment card data into lucrative mobile wallets from Apple and Google. In a significant effort to dismantle this powerful phishing syndicate, Google has taken decisive legal action. The tech giant has filed at least two John Doe lawsuits, targeting these clandestine groups and dozens of unnamed defendants in an attempt to wrest control over their online resources and disrupt their illicit infrastructure.

In January, we brought to light crucial research exposing a dubious and sprawling content delivery network known as Funnull. This network specialized in providing essential infrastructure for China-based gambling and money laundering websites, enabling them to distribute their operations seamlessly across multiple U.S.-based cloud providers. The implications of such clandestine support were far-reaching. Just five months later, the U.S. government took decisive action, sanctioning Funnull and officially identifying it as a primary source of "pig butchering" scams – insidious investment and romance frauds that have inflicted immense financial and emotional damage on countless victims worldwide.

The global reach of cybercrime was further illustrated in May with the arrest of 21 individuals in Pakistan, alleged to be working for Heartsender. This notorious phishing and malware dissemination service, which KrebsOnSecurity first profiled back in 2015, had continued its destructive operations for another decade. The arrests followed a significant disruption by the FBI and Dutch police, who seized dozens of servers and domains belonging to the group. It is a particularly poignant detail that many of those apprehended were first publicly identified in a 2021 report on this site, detailing how they had inadvertently infected their own computers with malware that ultimately exposed their real-life identities, a stark reminder of the double-edged sword of digital exposure.

In April, the U.S. Department of Justice took a significant step by indicting the proprietors of a Pakistan-based e-commerce company for their conspiracy to distribute synthetic opioids in the United States. The following month, KrebsOnSecurity delved deeper, revealing that the proprietors of this sanctioned entity were perhaps more widely recognized for operating an elaborate and long-standing scheme that preyed on Westerners seeking assistance with trademark registrations, book writing, mobile app development, and logo designs. This dual nature of their illicit activities – the distribution of dangerous drugs and the exploitation of aspiring entrepreneurs – painted a disturbing picture of their criminal enterprise.

Earlier this month, our investigative lens focused on an academic cheating empire that had achieved staggering revenues in the tens of millions of dollars, largely turbocharged by Google Ads. This empire has demonstrated curious ties to a Kremlin-connected oligarch whose Russian university is actively involved in building drones for Russia’s ongoing war against Ukraine, raising serious questions about the intersection of education, illicit profiteering, and geopolitical conflict.

As ever, KrebsOnSecurity has diligently monitored the world’s most significant and disruptive botnets, which unleashed a torrent of distributed denial-of-service (DDoS) assaults this year, dwarfing previous records with attacks two to three times larger and more impactful than those seen before. In June, KrebsOnSecurity.com itself fell victim to the largest DDoS attack Google had ever mitigated at that time. We remain deeply grateful for the protection afforded by Google’s excellent Project Shield offering. Experts attributed this attack to an Internet-of-Things botnet known as Aisuru, which had experienced a meteoric rise in size and destructive power since its debut in late 2024. Tragically, the threat did not subside; another Aisuru attack on Cloudflare just days later nearly doubled the size of the June assault against our site. Not long after, Aisuru was implicated in a DDoS attack that once again doubled the previous record, highlighting the escalating scale of these cyber threats.

In October, it appeared that the cybercriminals controlling Aisuru had pivoted their botnet’s focus from disruptive DDoS attacks to a more sustainable and lucrative venture: renting out hundreds of thousands of infected Internet of Things (IoT) devices. These devices were being leveraged for proxy services, which significantly aid cybercriminals in anonymizing their malicious traffic, making attribution and takedown even more challenging. However, recent revelations have illuminated a complex and intertwined reality. It has become clear that at least some of the disruptive botnet and residential proxy activity attributed to Aisuru last year was, in fact, the work of the architects behind a formidable botnet known as Kimwolf. XLab, a prominent Chinese security firm that first chronicled Aisuru’s ascent in 2024, recently profiled Kimwolf, identifying it as unequivocally the world’s largest and most dangerous collection of compromised machines, boasting approximately 1.83 million devices under its control as of December 17.

XLab’s comprehensive report on Kimwolf included a particularly chilling observation: the author of the Kimwolf botnet "shows an almost ‘obsessive’ fixation on the well-known cybersecurity investigative journalist Brian Krebs, leaving easter eggs related to him in multiple places." This unsettling detail underscores the personal stakes and the far-reaching impact of our investigative work.

Looking ahead, I am pleased to report that the first KrebsOnSecurity stories of 2026 will delve deeply into the origins of Kimwolf, meticulously examining the botnet’s unique and alarmingly invasive methods of spreading digital disease across the globe. The inaugural piece in this series will include a sobering, global security notification concerning the devices and residential proxy services that are inadvertently fueling Kimwolf’s rapid and concerning expansion.

Once again, we extend our sincere gratitude for your continued readership, your unwavering encouragement, and your vital support. If you find value in the content we publish at KrebsOnSecurity.com, we kindly ask that you consider making an exception for our domain in your ad blocker. The advertisements we feature are limited to a select few static images, all served in-house and personally vetted by me. There is absolutely no third-party content on this site, ensuring a clean and secure browsing experience. Your support through this small adjustment would significantly contribute to sustaining the in-depth investigative journalism you have come to expect from us almost every week.

And if you haven’t already, we strongly encourage you to sign up for our email newsletter. With over 62,000 subscribers already, it’s clear they can’t be wrong! The newsletter is a simple, plain-text email that is dispatched the moment a new story is published. We send between one and two emails per week, we steadfastly promise never to share our email list, and we do not engage in surveys or promotions.

Thank you once again, and we wish everyone a safe and Happy New Year! Please, be safe out there.

Happy 16th Birthday, KrebsOnSecurity.com!

Happy 16th Birthday, KrebsOnSecurity.com!

Pradipta eManuel

Related Posts

SMS Phishers Pivot to Points, Taxes, Fake Retailers

Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

Leave a Reply Cancel reply

Other Story

Binance Begins $1B SAFU BTC Conversion With First $100M Buy

Lab Grown Meat Is Failing For One Key Reason, Analyst Claims

AI Creates the First 100-Billion-Star Milky Way Simulation, Revolutionizing Galactic and Earth System Science.

Q&A: Why Deep Tech Investors Are Turning To The Secondary Market For Liquidity

What’s next for EV batteries in 2026?

Bitcoin is Expected to Dive Below $50,000 Before Bottoming