Official FBI Cyber Division X. Submit tips at tips.fbi.gov. Public info may be used for authorized purposes: justice.gov/doj/privacy-poli…
- Tweets 157
- Following 64
- Followers 12,944
- Likes 2
Today, the FBI and DOJ announced that Carlos Javier Padron was sentenced to 6.5 years in prison for his role in a nationwide ATM jackpotting scheme. His co-defendant, Oddry Arnoldo Cabrera Torrealba, was sentenced on June 11 to 6.5 years in prison. Padron and Torrealba were part of a sophisticated criminal network who conspired to develop and deploy Ploutus malware, which was used to steal millions of dollars from ATMs across the U.S. The investigation has established extensive links between the indicted co-conspirators and Tren de Aragua (TdA), a violent transnational criminal organization operating throughout the Western Hemisphere and within the U.S.
This action is part of Operation Riptide, an ongoing FBI campaign targeting the criminal actors, infrastructure, and financial networks behind cybercrime, cyber-enabled crime, and fraud against the American people.
Learn more about the @FBIOmaha investigation: justice.gov/opa/pr/two-illeg…
ALT Seal of the Federal Bureau of Investigation with a blue background and gold trim.
10
32
115
5,110
FBI Cyber Division retweeted
From disrupting cybercriminal infrastructure through initiatives like Operation Riptide to investigating nation-state threats and online fraud schemes, #FBI Norfolk cyber professionals are on the front lines defending our nation in the cyber domain.
This week, we connected with the next generation of cyber talent at a local college recruiting event.
Your skills can help protect critical infrastructure, safeguard American innovation, and bring cybercriminals to justice.
Learn more at fbijobs.gov
15
2
11
589
Earlier this week, the U.S. Department of State announced a reward of up to $10 million for information on UNC5792, a malicious cyber group associated with the Russian Federal Security Service (FSB) Border Guards and UNC4221, a malicious group of cyber actors working on behalf of the Russian military services. rewardsforjustice.net/reward…
Following that announcement, today, the FBI and CISA issued an updated PSA on the targeting of commercial messaging applications (CMAs) by the Russian Intelligence Services (RIS). Russian FSB officers embedded with the FSB Border Guards and others working on behalf of the Russian military services, publicly tracked as UNC5792 and UNC4221, continue to target current and former U.S. and international government officials, military personnel, political figures, journalists, and key officials located in Ukraine. The threat actors have compromised individual CMA accounts, but not the CMA’s encryption or the application itself.
RIS cyber threat actors continue to masquerade as automated CMA support accounts in updated phishing messages but have evolved their tactics to attempt to elicit victims’ Backup Recovery Keys. For more information on the scheme and how you can protect yourself, read the FBI’s #PSA: ic3.gov/PSA/2026/PSA260626
In collaboration with DOJ, the FBI seized 26 internet domains associated with this activity.
ALT Public Service Announcement alerting that Russian intelligence targets commercial messaging apps, dated June 26, 2026.
ALT Reward offered up to $10 million for info on Russian hackers targeting U.S. officials' Signal and WhatsApp accounts.
12
71
175
13,808
FBI Cyber Division retweeted
This week, cybersecurity experts from FBI Honolulu, CyberHawaii, and other agencies presented at the 4th annual Hawaii Cybersecurity Conference. This two-day conference brought together Hawaii-based organizations and consumers to learn how to prepare against cyber threat actors and emerging cybersecurity threats.
The FBI’s discussions focused on Operation Riptide–an ongoing, coordinated law enforcement campaign targeting criminal actors and the key services they rely on, such as their infrastructure, their tools and services, their communications, and their money.
👉Learn about cyber-enabled crime, view recent announcements, and report suspected cybercrime at ic3.gov/
ALT FBI Honolulu Special Agent in Charge David Porter addresses an audience seated at tables in a conference room with a large projection screen behind him.
3
2
13
575
FBI Cyber Division retweeted
#FBI Nashville Special Agent in Charge Terence Reilly spoke with @FOXNashville this morning about Operation Riptide, an ongoing, coordinated law enforcement campaign targeting criminal actors and the key services they rely on - their infrastructure, their tools and services, their communications platforms, and their money.
Under @FBIDirectorKash, the #FBI has prioritized taking the fight to international criminal enterprises, executing large-scale data and asset seizures to recover billions of dollars lost to online fraud.
In recent weeks, the #FBI carried out a broad range of enforcement actions against cyber threat actors, serving search warrants, securing indictments, arresting suspects, and dismantling criminal infrastructure.
Cybercrime carries real-world consequences, and the #FBI remains committed to disrupting malicious cyber activity and holding cybercriminals accountable.
Learn more about Operation Riptide: piped.video/watch?v=3WqOP2iL…
ALT FBI Nashville Special Agent in Charge Terence Reilly standing for a live in studio interview with FOX17 Nashville anchors. There is a city skyline backdrop.
53
62
362
25,095
On June 9, the FBI kicked off Operation Riptide, our ongoing, coordinated campaign targeting the criminal actors, infrastructure, and financial networks behind cybercrime, cyber-enabled crime, and fraud against the American people. During the last two weeks, the FBI, working alongside domestic and international partners, executed multiple disruptive actions in support of Operation Riptide.
➡️@FBICleveland, in coordination with private sector partners, conducted a technical takedown operation against Outsider, a Chinese phishing-as-a-service platform.
➡️As the result of an investigation by @FBI_Nashville, @FBISanDiego, and @FBIElPaso, a Conti ransomware actor pleaded guilty to wire fraud conspiracy in connection with a scheme that infected more than 1,000 computers and networks worldwide.
➡️@FBIBoston announced their support of the international takedown of the First VPN service, used to compromise businesses in the U.S. and around the world.
➡️We joined international law enforcement partners in announcing the disruption of SocGholish malware.
This is only the beginning—we will continue identifying, disrupting, and dismantling the networks that support cybercrime and victimize Americans.
ALT Circular emblem featuring a stylized blue eagle head with red stripes and digital wave patterns, encircled by stars and the text 'Operation Riptide No Safe Harbor'.
60
210
784
45,839
Yesterday, the UK’s National Crime Agency (NCA) announced that Thalha Jubair and Owen Flowers, members of the Scattered Spider criminal group, pled guilty to conducting a cyberattack against the computer network of Transport for London.
Scattered Spider is a prolific criminal group that engages in data extortion and other criminal activities, utilizing social engineering techniques and SIM swap attacks, to obtain credentials, install remote access tools, and/or bypass multi-factor authentication. Last year, the FBI announced its own charges against Jubair for his alleged participation in Scattered Spider’s sweeping extortion scheme.
The FBI will continue to work with our global law enforcement partners to investigate cybercriminal actors, disrupt their activities, and hold them accountable.
Learn more: nationalcrimeagency.gov.uk/n…
ALT Seal of the FBI featuring a shield with stars and stripes, surrounded by a blue ring with 'Department of Justice' and 'Federal Bureau of Investigation' text.
35
87
283
23,802
Today the FBI and DOJ announced the seizure of a cloud computing account used by subsidiaries of the Cambodia-based Huione Group. These subsidiaries are alleged to have assisted individuals and organizations move proceeds of cryptocurrency investment frauds, cyber scams, and other criminal activities across cryptocurrency blockchains and to convert those illicit gains into the legitimate banking system undetected. Law enforcement traced cyber-enabled fraud proceeds to cryptocurrency addresses attributed to the Huione Group, where the funds were then laundered further.
This action is part of Operation Riptide, an ongoing FBI campaign targeting the criminal actors, infrastructure, and financial networks behind cybercrime, cyber-enabled crime, and fraud against the American people.
Read more about the @FBISanFrancisco investigation: justice.gov/opa/pr/justice-d…
ALT Justice Department announces seizure of backend infrastructure linked to Huione Group's money laundering operations.
ALT Circular emblem featuring a stylized blue eagle head with red stripes and the text 'Operation Riptide No Safe Harbor' around the border.
36
77
235
14,974
FBI Cyber Division retweeted
The FBI's commitment to defending the homeland extends beyond getting violent criminals off our streets -- it also means protecting our infrastructure and communities via the cyber landscape. #FBIChicago is playing a critical role in Operation Riptide. This 60-day, coordinated law enforcement campaign targets criminal actors, the key services they rely on, and their infrastructure, to include, tools and services, communications platforms, and money.
By presenting at events like the pictured Society of Information Management Cyber Threat Landscape 2026 Summit, FBI personnel work to ensure that threat trends, warning signs, and safety procedures are widely shared with community partners and private-sector industries.
Your safety is our priority. To learn more about Operation Riptide, visit ow.ly/9QXB50Zfl5g.
#OperationRiptide #Cyber #Partnerships
ALT FBI's Operation Riptide seal with slogan "No Safe Harbor"
ALT FBI Chicago SSA Carrie Crot presenting at the Society of Information Management Cyber Threat Landscape 2026 Summit
2
8
19
1,388
FBI Cyber Division retweeted
#FBIAlbany was incredibly proud to host InfraGard's Northeast and Midwest Regional Leadership Summit!
ASAC Hunter was especially grateful for the opportunity to speak with the group about Operation Riptide, an ongoing #FBI campaign targeting the criminal actors, infrastructure, and financial networks behind cybercrime, cyber-enabled crime, and fraud against the American people.
These partnerships are vital to our success and we're so thankful to everyone who made the trip to Albany to participate in these invaluable conversations.
@InfraGardAlbany @InfraGardNatl
ALT A diverse group of professionals seated around a large conference table in a meeting room with FBI Albany city on the wall.
ALT Group of InfraGard members posing inside the FBI Albany Field Office lobby under the agency's sign.
6
5
8
1,279
Today the FBI released a #PSA warning the public about cyber criminal use of traffic distribution systems (TDSs) to gain access to victim networks for ransomware or other financial scams. Cyber criminals use TDS to bypass traditional firewall rules that would otherwise block connections to malicious websites, and to analyze potential victims for targeting by collecting their IP address, operating system, location, device, and browser information. After driving users to a TDS, often through various social engineering techniques, cyber criminals can exploit users’ devices at the end of the TDS redirection chain by delivering phishing pages, financial scams, and other malware.
Learn more about how the scam works and review recommendations on how to protect yourself: ic3.gov/PSA/2026/PSA260618
ALT Public service announcement warning about cyber criminals redirecting users to fraudulent websites using malicious traffic distribution systems.
35
97
224
17,293
Today, as part of Operation Endgame, the FBI joins our international law enforcement partners in announcing the disruption of SocGholish malware. SocGholish, active since 2018, is a Java-script based malware that masquerades as a legitimate browser update via compromised websites. The malware establishes an initial foothold into victim computers, collectively known as a botnet, and is then used by threat actors for further targeting with ransomware campaigns and espionage. As part of the operation, 106 servers and domains were taken down, 14,971 websites were remediated, the botnet was disabled, and victims were notified.
This action is part of Operation Riptide, an ongoing FBI campaign targeting the criminal actors, infrastructure, and financial networks behind cybercrime, cyber-enabled crime, and fraud against the American people.
Learn more: politie.nl/en/news/2026/juni…
ALT Chess pieces of a white queen and a digital dissolving black knight symbolize strategic conflict in Operation Endgame.
111
482
1,627
101,243
FBI Cyber Division Assistant Director (AD) Brett Leatherman joined the McCrary Institute’s Cyber Focus podcast for a wide-ranging conversation on the FBI’s use of law enforcement authorities, intelligence, public-private partnerships, and court-authorized technical operations to disrupt adversaries, help victims, and defend U.S. critical infrastructure. AD Leatherman discussed the rise of agentic AI in ransomware, China-linked threats to operational technology and critical infrastructure, Operation Winter SHIELD, supply-chain risk, and why early victim reporting can help the FBI move upstream against cyber adversaries. He also discussed Operation Masquerade, explaining why privately owned routers, edge devices, and small networks can become valuable infrastructure for foreign intelligence services and criminal groups and what the FBI is doing to deter threat actors.
Listen to the full episode 👉 mccraryinstitute.com/cyber-f…
8
14
49
6,319
Today, the FBI and DOJ announced that Oleksii Oleksiyovych Lytvynenko pleaded guilty to wire fraud conspiracy in connection with Conti, a ransomware variant that infected more than 1,000 computers and networks worldwide. Lytvynenko conspired with others to deploy Conti ransomware to extort victims and steal their data. The FBI and our partners will continue to relentlessly pursue those responsible for cybercrimes, regardless of where they operate, and bring them to justice.
Read more about the FBI’s investigation: justice.gov/opa/pr/ukrainian…
26
108
271
16,221
This week on Ahead of the Threat, the #FBI Cyber podcast, Richard Horne, CEO of the UK’s National Cyber Security Centre, joins Assistant Director (AD) Brett Leatherman for a discussion on cyber threats and practical advice for companies looking to secure themselves against malicious cyber attacks. piped.video/watch?v=9VyDoFxN…
In this episode’s Top Three Segment, AD Leatherman and #FBI London Cyber Assistant Law Enforcement Attaché Kathryn Sherman discuss the role of FBI personnel stationed overseas in advancing the cybersecurity mission. They question whether a company could operate without its IT for four weeks, noting that if they could not, they were not ready for a ransomware attack. They also dive into the role of private-public partnerships, the burnout of professionals defending networks coupled with the psychologically traumatic effects of being a victimized company, and a reflection on this year’s CyberUK conference, hosted by the NCSC.
Find all episodes and transcripts 👉 fbi.gov/news/podcasts/ahead-….
ALT Title screen for podcast episode featuring Richard Horne in Season 2, Episode 7 titled 'Ahead of the Threat'.
16
44
115
13,709
This week, @FBICleveland, in coordination with Google and Lumen's Black Lotus Labs, conducted a technical takedown operation against Outsider, a Chinese phishing-as-a-service platform (PhaaS) that has been in operation since 2023. The Outsider platform provides cyber criminals with access to infrastructure hosting phishing website files and resources via “phishing kits” and are used to carry out complex phishing attacks against U.S. citizens and companies, as well as victims in at least 54 other countries.
The FBI's investigation revealed that between July 2023 and the present, the Outsider PhaaS platform employed over 8,000 unique phishing domains, accounting for at least an estimated 3,870,000 stolen credit cards and a corresponding estimated $1.9B in losses.
Through a joint takedown, the FBI and partners: seized several domains of main admin servers, as well as a Shopify e-commerce storefront and account used to test the phishing service; approximately $100K USDT from Outsider payment wallets; thousands of phishing domains from U.S. providers, rerouting them to an FBI splash page; and leveraged an Outsider Telegram bot to obtain information on Outsider customers.
This action is part of Operation Riptide, an ongoing FBI campaign targeting the criminal actors, infrastructure, and financial networks behind cybercrime, cyber-enabled crime, and fraud against the American people.
ALT FBI Cyber Division warns criminals use AI to impersonate trusted brands and defraud victims, emphasizing collaboration with Google to combat fraud.
16
87
224
22,496
The FBI’s Kinetic Cyber Range in Huntsville, Alabama, resembles a small town with everything a small town has. But despite its size, it plays a massive role in preparing the next generation of cyber investigators for real world situations and the real obstacles they will face in the field.
Read more about the FBI’s Kinetic Cyber Range at fbi.gov/news/stories/inside-….
59
142
867
99,722
FBI Cyber Division retweeted
🌊#BREAKING: As part of Operation Riptide, an ongoing #FBI campaign targeting criminals, infrastructure, and the financial networks behind cyber-enabled crime and fraud against the American people, #FBI Boston has supported the international takedown of the First VPN Service used by ransomware actors to compromise businesses here in the U.S. and around the world.
Why? Because the increase in #cybercrime threatens the financial security, personal safety, and national interests of all Americans.
Learn more about FBI Boston's work ➡️ow.ly/BOpL50Z9yiE
ALT Statement from FBI Boston's Special Agent in Charge Ted Docks on Boston's support in the international takedown of First VPN Service used by ransomware actors to compromise businesses worldwide.
27
64
212
9,424
Today, the FBI is announcing Operation Riptide, an ongoing, coordinated law enforcement campaign targeting cybercriminal actors and the key services they rely on—their infrastructure, their tools and services, their communications platforms, and their money. Operation Riptide is a collective effort that implements the priorities set out in Executive Order 14390 and the National Cyber Strategy.
In recent weeks, the FBI carried out a broad range of enforcement actions against cyber threat actors, serving search warrants, securing indictments, arresting suspects, and dismantling criminal infrastructure.
This marks the beginning of a focused, sustained 60-day national effort. Cybercrime carries real-world consequences, and the FBI remains committed to disrupting malicious cyber activity and holding cybercriminals accountable.
284
669
3,467
507,614
Alongside many of FBI Cyber Division’s trusted industry, US government, and international partners, Deputy Assistant Director Todd Hemmen participated last week in the Paris Cyber Summit 2026, stressing the need for continued international collaboration to impose costs on cyber adversaries. He highlighted the FBI’s joint operational successes with Europol and international partners and discussed how the cyber threat landscape will evolve in response to continued advances to AI.
ALT Five men, including FBI DAD Todd Hemmen, in formal suits standing on a red carpeted stage with European Union and French flags behind them.
ALT FBI DAD Todd Hemmen and two other men in business attire engaged in a panel discussion on stage with a laptop and microphone visible.
29
43
161
16,782