Today’s Topics:
- Global Law Enforcement Nets $400 Million in Financial Crime Crackdown
- Python AI Library Compromised in Software Supply Chain Attack
- How can Netizen help?
Global Law Enforcement Nets $400 Million in Financial Crime Crackdown
A large-scale operation, HAECHI-V, led by INTERPOL, resulted in the arrest of more than 5,500 individuals and the seizure of over $400 million in both virtual assets and traditional currencies. Authorities from 40 countries participated in this coordinated effort, which ran from July to November 2024.
INTERPOL Secretary General Valdecy Urquiza addressed the consequences of cybercrime, noting the damage it causes to individuals and businesses, as well as the erosion of trust in digital and financial systems. The operation demonstrated the importance of international cooperation, with countries working together to counter global cybercrime.
A key achievement of HAECHI-V was the dismantling of a voice phishing syndicate. This group, operating in Korea and Beijing, posed as law enforcement officials, using fake IDs to deceive victims. They were responsible for defrauding people of $1.1 billion, affecting over 1,900 victims. Of the 27 individuals arrested, 19 are facing charges.
Additionally, INTERPOL issued a Purple Notice regarding a USDT Token Approval Scam, a new cryptocurrency fraud tactic. Scammers used romance-themed schemes to lure victims into purchasing Tether (USDT) tokens. Once victims clicked phishing links, they unknowingly granted scammers access to their wallets, allowing funds to be stolen.
This operation follows other successful law enforcement efforts, such as:
- 2023: A six-month operation that led to 3,500 arrests and the seizure of $300 million in 34 countries.
- 2024 (Africa): The disruption of 134,089 malicious networks, alongside 1,006 arrests, across 19 African nations.
Python AI Library Compromised in Software Supply Chain Attack
Two versions of the popular Python AI library, Ultralytics, were compromised to deliver a cryptocurrency miner. Versions 8.3.41 and 8.3.42, now removed from the Python Package Index (PyPI), caused a notable spike in CPU usage, pointing to cryptocurrency mining activity.
The attack was particularly concerning because the malicious code was injected into the build environment after the code review stage. As a result, the infected versions published to PyPI diverged from the unmodified code in the GitHub repository.
ReversingLabs’ Karlo Zanki noted that the attack exploited a GitHub Actions Script Injection vulnerability within ultralytics/actions. This issue, identified by researcher Adnan Khan in August 2024, allowed threat actors to submit malicious pull requests that triggered the retrieval and execution of payloads on macOS and Linux systems. The compromised pull requests originated from a GitHub account named openimbot, linked to the OpenIM SDK.
The injected payload was an XMRig cryptocurrency miner, but experts point out that the impact could have been much worse if more damaging malware, such as backdoors or remote access trojans, had been used.
In response, ComfyUI, which depends on Ultralytics, updated its manager to warn users about the affected versions. Users are urged to upgrade to the latest version, which includes a fix to secure the package’s publication workflow.
With more sophisticated attacks targeting the software supply chain, the risk of hidden threats in trusted libraries is rising. As more developers rely on tools like GitHub Actions, the focus on securing these environments becomes increasingly critical. The real question is: How can we safeguard the software development lifecycle before more dangerous threats emerge?
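The divergence described above, where a published package no longer matches the reviewed repository, can be detected by comparing a wheel's files against a checkout of the tagged source. The following is an added example, not code from the original article or from Ultralytics; `demo_pkg`, the function names and the sample data are constructed for illustration.

```python
import hashlib
import io
import zipfile


def wheel_divergence(wheel_bytes: bytes, source_files: dict[str, bytes]) -> dict[str, str]:
    """Return {path: reason} for packaged files changed or added after review.
    Files under *.dist-info/ are generated at build time and are skipped."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as wheel:
        for info in wheel.infolist():
            path = info.filename
            if info.is_dir() or path.split("/", 1)[0].endswith(".dist-info"):
                continue
            packaged = hashlib.sha256(wheel.read(path)).digest()
            if path not in source_files:
                findings[path] = "not in reviewed source"
            elif packaged != hashlib.sha256(source_files[path]).digest():
                findings[path] = "content differs from reviewed source"
    return findings


def build_sample_wheel(files: dict[str, bytes]) -> bytes:
    """Constructed sample input: an in-memory wheel (a wheel is a zip archive)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()


# Constructed data: 'demo_pkg' is a hypothetical package, not Ultralytics.
REVIEWED = {
    "demo_pkg/__init__.py": b"__version__ = '1.0.0'\n",
    "demo_pkg/utils.py": b"def add(a, b):\n    return a + b\n",
}
PUBLISHED = build_sample_wheel({
    "demo_pkg/__init__.py": b"__version__ = '1.0.0'\n",
    "demo_pkg/utils.py": b"def add(a, b):\n    return a + b\n# line added during build\n",
    "demo_pkg/extra.py": b"# file that never went through review\n",
    "demo_pkg-1.0.0.dist-info/METADATA": b"Name: demo-pkg\nVersion: 1.0.0\n",
})

if __name__ == "__main__":
    for path, reason in sorted(wheel_divergence(PUBLISHED, REVIEWED).items()):
        print(f"{path}: {reason}")
```

In practice, `source_files` would be read from a checkout of the release tag and the wheel fetched with `pip download --no-deps`, so the comparison runs without installing the package.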
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on, providing advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.