A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base’s dark web sites. The suspects are accused of conducting cyberattacks on over 1,000 victims worldwide.
The arrested individuals, two men and two women, are Europeans who reportedly extorted $16,000,000 worth of Bitcoin from their victims over the years.
The police operation, codenamed “Phobos Aetor,” led to coordinated raids across four locations, where laptops, smartphones, and cryptocurrency wallets were seized for forensic analysis.
The arrests were made at the request of the Swiss authorities, who have asked the Thai government to extradite the suspects.
According to local media reports, the four hackers are said to have conducted ransomware attacks against at least 17 Swiss companies between April 2023 and October 2024.
During the attacks, the threat actors breached corporate networks to steal data and encrypt files. The threat actors then demanded payments in cryptocurrency to provide the decryption keys and prevent the public release of data.
The ransom payments were laundered on cryptocurrency mixing platforms, making it harder for law enforcement to track their final wallet.
8Base dark web sites seized
Today, the dark web sites for the 8Base ransomware operation were also seized in what appears to be the same operation.
The 8Base ransomware gang’s negotiation and data leak sites now show a seizure message stating, “THIS HIDDEN SITE HAS BEEN SEIZED. This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor General in Bamberg.”
The seizure message also indicates that “Operation Phobos Aetor” involved Thailand, Romania, Bavaria, Germany, Switzerland, Japan, USA, Europol, Czechia, Spain, France, Belgium, and the United Kingdom
BleepingComputer has confirmed that both the 8Base operation’s data leak and negotiation sites were seized as part of the global law enforcement operation.
Source: BleepingComputer
8Base is a ransomware group that launched operations in March 2022, using the Phobos malware family in its attacks.
The threat group’s activity culminated in May 2023, but it has generally remained active even in early 2025, announcing 29 victims so far.
Some high-profile victims of the group include Nidec Corporation, a Japanese tech giant with a revenue of $11 billion, and the United Nations Development Programme (UNDP).
