A
Payment service provider executives arrested over a credit card fraud ring, Meta makes a fortune showing scam ads, South Korean telco KT tried to hide a second breach, and five more scammers are sentenced to death in China. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 7th of November, and this podcast episode is brought to you by Sublime Security, an email security platform that's not a black box.

In today's top story, 18 suspects have been arrested over their roles in credit card fraud. The group stole credit card details and subscribed owners to fake pornography, dating and streaming websites. Individual cards were charged about 50 euros a month. The scheme netted the group more than 300 million euros since it began in 2016. Five of those detained held executive roles at German payment service providers. Europol says the executives let the fraudsters use their company networks in exchange for a fee.

In other news, roughly 10% of Meta's annual revenue comes from advertisements selling banned products or scams, according to Reuters. The company made more than $16 billion from shady ads last year, according to internal documents cited by Reuters. Meta would just charge higher fees to known scammers rather than block their accounts. The report also said Meta executives agreed to only address scams when there was a likelihood of regulatory action.

UK mobile carriers will start blocking calls from spoofed phone numbers in 2026. The companies will flag incoming international calls to prevent scammers from impersonating UK phone numbers. The telcos will also roll out new technology to assist law enforcement with tracking scammers.

Five people have been sentenced to death in China for operating cyberscam compounds in Myanmar. Five others were handed life sentences, while nine more have been incarcerated for up to 20 years. All were members of the Bai crime family. In September, 11 members of the Ming crime family were also sentenced to death for similar crimes.

Georgian authorities have arrested a German national over his involvement in online scams. The suspect was an alleged member of the Scam Empire. The group made more than $275 million through its call centres in Eastern Europe, Israel and Georgia. In March, a joint investigation by 32 media outlets exposed the group.

Iraqi police have arrested a 14-year-old boy over an extortion campaign that led to the suicide of several children. He's accused of recruiting victims via the game Roblox and luring them to online communities that he operated. The victims were pressured into acts of sexual self-harm, animal abuse and suicide. Thirty children across several Arab countries took their own lives.

South Korean telco KT hid details of a second security breach this year. The telco discovered the BPFDoor malware on 43 servers and tried to clean it up without notifying authorities. The breach was found during a government investigation into an earlier security incident that involved fraudulent micropayments.

A cyber attack has disrupted the TV and radio transmissions of a Dutch broadcaster. Hackers defaced the website of RTV Noord and employees were unable to log in. Radio DJs had to change CDs by hand until systems were restored. The hack occurred on Thursday morning and the impact lasted several hours.

British retailer Marks and Spencer reported a drop in its annual profits due to its security breach in April. The company's mid-year profits were down by 136 million pounds compared to the same period last year. Executives expect profitability to return to normal by March next year.

Five Cambodian nationals have been arrested in Vietnam over their roles in romance scams. The suspects were part of a gang that operated out of the Cambodian city of Bavet. They fled to Vietnam after a recent government crackdown on scam compounds. South Korea requested the arrests after the group scammed its residents out of $3.2 million.

The original sentence of Capital One hacker Paige Thompson has been reinstated. Thompson was sentenced to time served and a five-year probation period in 2022. In March this year, a US appeals court vacated that sentence for being too lenient and prosecutors requested a seven-year prison term. The judge said the original sentence would stand because Thompson would not receive the appropriate gender transition medical care while incarcerated.

Socket Security has discovered malicious NuGet packages designed to sabotage databases and industrial control systems. The packages were published in 2023 and 2024. They're designed to run malicious code after specific trigger dates in 2027 and 2028. Eight of the packages target database systems and have a 20% chance of shutting down the databases after the trigger date. The ninth package targets industrial PLCs after June 6. This package will block PLCs from writing new data, rendering them inoperable.

The Gootloader botnet has returned with new campaigns after more than a year of inactivity. The botnet is continuing to use SEO poisoning to redirect traffic to malicious sites. The sites infect users with malware. Gootloader is then used to deploy other malware, including multiple strains of ransomware.

Security researchers have linked a new Linux backdoor to a cyber contractor for the Chinese state, security firm NVISO said. VShell was first spotted in August and is the work of a group tracked as UNC5174. Google has previously linked the group to China's Ministry of State Security.

Russian military hackers have deployed new data wipers in Ukraine. The Sandworm group targeted government agencies as well as companies in Ukraine's energy, logistics and grain sectors. Payloads included two new data wipers, Sting and ZeroLot. ESET researchers believe the attacks were designed to weaken Ukraine's economy.

The US Department of Justice has approved Google's acquisition of Israeli cloud security company Wiz. Google agreed to acquire Wiz in March for $32 billion and entered an antitrust review in June. The deal is expected to close in 2026.

And finally, Google has updated Chrome's autofill feature to support government-issued IDs. The browser will be able to remember and automatically fill in passport data and driver licenses. The company plans to add support for more data types in the coming months.

And that is all for this podcast edition. Today's show was brought to you by our sponsor Sublime Security. Find them at Sublime Security. Thanks for your company.
Podcast: Risky Bulletin – Host: risky.biz
Episode Date: November 7, 2025
Prepared by: Catalin Cimpanu, Read by: Claire Aird
This episode covers major global cybersecurity news, with a primary focus on Europol's arrest of a credit card fraud ring embedded in German payment service providers. Additional stories span international cybercrime, high-profile scams, law enforcement crackdowns, tech company controversies, and industry developments.
Quote (Claire, 00:21):
“Five of those detained held executive roles at German payment service providers. Europol says the executives let the fraudsters use their company networks in exchange for a fee.”
Quote (Claire, 01:31):
“Meta would just charge higher fees to known scammers rather than block their accounts. The report also said Meta executives agreed to only address scams when there was a likelihood of regulatory action.”
Disturbing Detail:
“The victims were pressured into acts of sexual self-harm, animal abuse and suicide. Thirty children across several Arab countries took their own lives.” (Claire, 03:40)
| Section | Timestamp |
|---|---|
| Europol Credit Card Ring Arrests | 00:04 |
| Meta Scam Ad Revenue | 01:04 |
| UK Blocks Spoofed Call Numbers | 02:03 |
| Cyber Scam Convictions in China | 02:27 |
| Georgia & Iraq Cybercrime Stories | 02:55 |
| South Korean Telco Breach | 04:14 |
| Dutch Broadcaster Hacked | 04:45 |
| Marks & Spencer Breach Impact | 05:13 |
| Cambodia-Vietnam Romance Scam Bust | 05:38 |
| Paige Thompson Sentence | 06:03 |
| Malicious NuGet Packages Found | 06:35 |
| Gootloader Botnet’s Return | 07:08 |
| Chinese-linked Linux Backdoor | 07:32 |
| Russian Wipers in Ukraine | 07:52 |
| Google-Wiz Acquisition Approved | 08:09 |
| Chrome Autofill Updates | 08:28 |
The reporting style is concise, factual, and neutral, with occasional stark language underscoring the seriousness of incidents (e.g., Meta's revenue motives; disturbing outcomes in child exploitation and scam death sentences). The podcaster maintains a rapid, informative cadence, typical of cybersecurity news briefings.
This episode provides a broad yet detailed synthesis of global cybersecurity events, focusing on major investigative breakthroughs and new threats while contextualizing commercial and technical developments across the industry. Whether dealing with high-level fraud, regulatory responses, or evolving threat landscapes, the Risky Bulletin delivers clear, impactful updates valuable for industry professionals and engaged listeners alike.