Happy 16th Birthday, KrebsOnSecurity.com! – Krebs on Security
KrebsOnSecurity.com Marks 16 Years of Cybersecurity Vigilance: 2025’s Biggest Takedowns and Emerging Threats
From Bulletproof Hosts to Billion-Dollar Crypto Heists: A Year of Cyber Comeuppance
As KrebsOnSecurity.com celebrates its 16th anniversary, we reflect on a year marked by significant victories against cybercrime enablers and the emergence of new, sophisticated threats that continue to challenge our digital world.
The Fall of Stark Industries Solutions: A Bulletproof Host Brought to Its Knees
In May 2024, our investigation into Stark Industries Solutions Ltd. exposed a “bulletproof hosting” provider that emerged just two weeks before Russia’s invasion of Ukraine. This entity served as a primary staging ground for Kremlin cyberattacks and disinformation campaigns, leveraging cloud infrastructure to evade detection.
Our deep dive into Stark’s operations revealed a complex web of shell companies and network assets designed to facilitate state-sponsored cybercrime. The European Union responded with sanctions against Stark and its co-owners in 2024, but our follow-up investigation in September 2025 uncovered how the company continues to operate under new branding, demonstrating the persistent challenge of combating cybercrime infrastructure.
Cryptomus: The $176 Million Lesson in Cryptocurrency Regulation
December 2024 saw KrebsOnSecurity profile Cryptomus, a Canadian-registered financial firm that had become the payment processor of choice for dozens of Russian cryptocurrency exchanges and cybercrime service providers. Our investigation revealed how Cryptomus facilitated the conversion of illicit cryptocurrency gains into traditional banking systems, effectively laundering millions in cybercrime proceeds.
The consequences were swift and severe. In October 2025, Canadian financial regulators imposed a record $176 million fine against Cryptomus for gross violations of anti-money laundering laws. This landmark penalty sends a clear message to financial institutions about the importance of robust compliance measures in preventing cybercrime.
The LastPass Connection: When Password Managers Become Attack Vectors
Our September 2023 investigation into six-figure cyberheists revealed a disturbing pattern: thieves were cracking master passwords stolen from LastPass during a 2022 breach. Researchers concluded that these compromised credentials were being used to drain cryptocurrency wallets and execute sophisticated financial fraud.
The findings gained even more significance in March 2025 when U.S. federal agents investigating a $150 million cryptocurrency heist reached the same conclusion, linking the massive theft directly to the 2022 LastPass compromise. This case highlights the cascading effects of data breaches and the critical importance of robust password management practices.
Voice Phishing: The Human Element in Modern Cybercrime
Throughout 2025, KrebsOnSecurity exposed the operations of several voice phishing gangs that specialized in elaborate cryptocurrency theft schemes. Our investigation “A Day in the Life of a Prolific Voice Phishing Crew” revealed how these criminal organizations abused legitimate services from Apple and Google to execute their schemes.
These gangs leveraged sophisticated social engineering techniques, using automated phone calls, system-level messages, and carefully crafted emails to convince victims to transfer cryptocurrency assets. The financial devastation caused by these operations underscores the ongoing importance of user education and awareness in cybersecurity.
The Chinese SMS Phishing Syndicate: Google’s Legal Counteroffensive
Nearly half a dozen stories in 2025 focused on the persistent SMS phishing campaigns originating from China-based phishing kit vendors. These operations specialized in converting phished payment card data into mobile wallets for Apple and Google, creating a sophisticated ecosystem for financial fraud.
In response, Google filed at least two John Doe lawsuits targeting these groups and dozens of unnamed defendants, representing a significant escalation in the tech industry’s efforts to combat cybercrime infrastructure. This legal strategy aims to disrupt the operations of these phishing syndicates by targeting their online resources and financial infrastructure.
Funnull: When Content Delivery Networks Enable Crime
Our January 2025 investigation into Funnull, a sprawling content delivery network, revealed how this entity specialized in helping China-based gambling and money laundering websites distribute their operations across multiple U.S.-based cloud providers. This “infrastructure laundering” technique allowed criminal operations to blend in with legitimate internet traffic.
The U.S. government responded in May 2025 by sanctioning Funnull, identifying it as a top source of investment/romance scams known as “pig butchering.” These scams, which typically involve building trust with victims before convincing them to invest in fraudulent cryptocurrency schemes, have become increasingly sophisticated and financially devastating.
Heartsender: The Persistence of Phishing Infrastructure
May 2025 saw Pakistan arrest 21 individuals alleged to be working for Heartsender, a phishing and malware dissemination service that KrebsOnSecurity first profiled in 2015. These arrests came shortly after the FBI and Dutch police seized dozens of servers and domains associated with the group.
Interestingly, many of those arrested were first publicly identified in a 2021 story here about how they’d inadvertently infected their computers with malware that gave away their real-life identities. This case demonstrates the long-term investigative value of cybersecurity journalism and the importance of persistent monitoring of criminal infrastructure.
The Academic Cheating Empire: When Education Meets Cybercrime
Our December 2025 investigation revealed an academic cheating empire turbocharged by Google Ads that earned tens of millions of dollars in revenue. This operation had curious ties to a Kremlin-connected oligarch whose Russian university builds drones for Russia’s war against Ukraine.
This story highlights the complex interconnections between different forms of cybercrime and the ways in which seemingly legitimate businesses can be used to facilitate illicit activities. It also raises questions about the role of advertising platforms in enabling cybercrime services.
The Botnet Wars: Aisuru, Kimwolf, and the Evolution of DDoS Attacks
2025 was marked by unprecedented distributed denial-of-service (DDoS) attacks that dwarfed previous records. In May, KrebsOnSecurity was hit by the largest DDoS attack that Google had ever mitigated at the time, reaching nearly 6.3 terabits per second.
These massive attacks were attributed to an Internet-of-Things botnet called Aisuru, which had rapidly grown in size and sophistication since its debut in late 2024. However, recent analysis suggests that much of the disruptive activity attributed to Aisuru may have actually been the work of people testing a powerful new botnet called Kimwolf.
Chinese security firm XLab, which was the first to chronicle Aisuru’s rise, recently profiled Kimwolf as easily the world’s biggest and most dangerous collection of compromised machines, with approximately 1.83 million devices under its control as of December 17, 2025. XLab noted that the Kimwolf author “shows an almost ‘obsessive’ fixation on the well-known cybersecurity investigative journalist Brian Krebs, leaving easter eggs related to him in multiple places.”
Looking Forward: The Kimwolf Threat and Beyond
As we enter 2026, KrebsOnSecurity is preparing an in-depth series on the origins of Kimwolf and its highly invasive means of spreading digital disease. The first installment will include a global security notification concerning the devices and residential proxy services that are inadvertently helping to power Kimwolf’s rapid growth.
This investigation represents the kind of deep, technical journalism that has defined KrebsOnSecurity for 16 years. By exposing the mechanisms behind these threats, we hope to empower users, security professionals, and policymakers to better defend against them.