An international coalition of law enforcement agencies has successfully dismantled First VPN, a virtual private network service that was heavily utilized by cybercriminals. The operation resulted in the arrest of the VPN's administrator and the disruption of its infrastructure.
The FBI reported that at least 25 ransomware gangs relied on First VPN to mask their illegal activities. This service was not only used for ransomware attacks but also for scanning the internet, managing botnets, executing distributed denial-of-service (DDoS) attacks, and conducting scams. First VPN operated servers in 27 countries.
Criminal Services Offered: First VPN provided various features tailored for cybercriminals, including:
- Anonymous connections
- Anonymous payment options
- Hidden infrastructure
Europol highlighted that First VPN had become integral to the cybercrime ecosystem, appearing in numerous major investigations. Criminals utilized the service to conceal their identities while engaging in serious offenses such as data theft and large-scale fraud.
The VPN was actively promoted on cybercrime forums, including Russian-speaking marketplaces, where it assured users of anonymity and a lack of logs linking their activities to their identities.
Despite these assurances, Europol managed to notify users of the service's shutdown, informing them that their identities had been uncovered. This was accomplished by accessing the user database and identifying VPN connections, which revealed thousands of users connected to criminal activities.
This operation stems from an investigation that began in December 2021, leading to the arrest of the VPN's administrator and the dismantling of numerous servers.
