A hacker from Ukraine stole money from American online stores

Main points

  • An 18-year-old Ukrainian from Odessa stole the data of tens of thousands of users of an American online store in California using malicious software.
  • Law enforcement officers from Ukraine and the United States conducted a joint operation, stopping the activities of an attacker who compromised 28,000 accounts and caused significant financial losses.

An 18-year-old Odessa resident organized a hacking scheme against users of an online store in California / Collage 24 Channel / Magnific

Ukrainian cyber police, together with their American colleagues, have exposed an 18-year-old youth who used a spyware virus to steal the data of tens of thousands of users. The attacker operated from Odessa, and his target was a popular online store in California.

A large-scale joint operation by law enforcement agencies has stopped the activities of an attacker who managed to gain access to a huge amount of confidential information, reports BleepingComputer. As a result of his actions, 28,000 accounts were compromised, and the main target of this cyberattack was the customers of one of the online stores located in California.

How does a data-stealing virus work?

The scheme was built on a specific type of malicious software, an infostealer. It is a kind of digital spy whose purpose is to collect the victim's data and transfer it to the hacker.

"To carry out the criminal scheme, the attackers used malicious software of the 'infostealer' type, which imperceptibly infected users' devices, collected credentials and transferred them to servers controlled by the attackers. The information obtained was then processed and sold through specialized online resources and Telegram bots," the cyber police commented on their website.


When such a program gets on a computer or smartphone, it silently prowls the system, collecting saved passwords, bank card details, browser history and other personal information, and then silently sends it all to its owner. It's like an invisible thief standing behind you, recording everything you type on your keyboard.

This is the tool the defendant used to steal data from American buyers on a massive scale between 2024 and 2025, operating from Ukraine. In total, 5,800 of the hacked profiles were used to make unauthorized purchases totaling approximately $721,000.

The source states that the direct losses are $250,000. It is unclear why there is such a difference, but we can assume that the victims noticed the purchases they had not made and canceled them in time.


Cyberpolice detain suspect / Photo Cyberpolice

Of particular concern was the theft of “session data.” Because this data identifies a session that has already been authenticated, it allowed the hacker and his as-yet-unnamed accomplices to log into victims' accounts without entering usernames and passwords, and in some cases even to bypass two-factor authentication (2FA) checks.
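From the store's side, a stolen session shows up as the same session identifier being used by a different client than the one that logged in. The sketch below is an added defensive example, not part of the cyber police statement or the original report; the log fields, action names and sample events are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Assumed log schema (hypothetical): one record per authenticated request.
Event = namedtuple("Event", "ts session ip user_agent action")
# Actions an account thief cares about: profile changes and purchases.
SENSITIVE = {"change_email", "checkout"}

def fingerprint(ev, prefix=24):
    """Coarse client fingerprint: IPv4 /24 (tolerates DHCP churn) plus user agent."""
    net = ipaddress.ip_network(f"{ev.ip}/{prefix}", strict=False)
    return (str(net), ev.user_agent)

def find_replayed_sessions(events):
    """Return {session: [findings]} for sessions later used from a client
    fingerprint different from the one that completed login and 2FA."""
    bound, findings = {}, {}
    for ev in sorted(events, key=lambda e: e.ts):
        fp = fingerprint(ev)
        if ev.action == "login_mfa_ok":
            bound[ev.session] = fp        # bind the session to the login client
            continue
        origin = bound.get(ev.session)
        if origin is None or fp == origin:
            continue                      # unknown origin or same client: no finding
        severity = "HIGH" if ev.action in SENSITIVE else "MEDIUM"
        findings.setdefault(ev.session, []).append(
            f"{severity} {ev.action} at {ev.ts} from {fp[0]}, login was {origin[0]}")
    return findings

# Constructed sample events (documentation IP ranges, invented session ids).
SAMPLE_EVENTS = [
    Event(1000, "s-alice", "192.0.2.10", "Firefox/126 Windows", "login_mfa_ok"),
    Event(1060, "s-alice", "192.0.2.77", "Firefox/126 Windows", "view"),
    Event(2000, "s-bob", "198.51.100.8", "Safari/17 macOS", "login_mfa_ok"),
    Event(2100, "s-bob", "198.51.100.8", "Safari/17 macOS", "checkout"),
    Event(4000, "s-alice", "203.0.113.5", "Chrome/125 Linux", "change_email"),
    Event(4030, "s-alice", "203.0.113.5", "Chrome/125 Linux", "checkout"),
]

if __name__ == "__main__":
    for session, reasons in find_replayed_sessions(SAMPLE_EVENTS).items():
        for reason in reasons:
            print(session, reason)
```

A finding like this is a reason to invalidate the session and require a fresh login with a second factor before a profile change or purchase goes through.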


He played a key role

The role of the 18-year-old Odessan in this structure was key: he served as the administrator of the network infrastructure necessary for the processing and sale of stolen data. Financial settlements between the participants in the scheme were carried out using cryptocurrency services, which was supposed to ensure the anonymity of transactions. However, Ukrainian specialists managed to track down the suspect thanks to close cooperation with colleagues from the United States.


Cyber police check the suspect's computer / Photo Cyber police

During two authorized searches at the addresses of the defendant in Odessa, investigators seized a significant amount of physical evidence. Among the confiscated property were mobile phones, computer equipment, bank cards, and electronic media. In particular, the police officers gained access to server activity logs, email accounts used to change the parameters of hacked profiles, and accounts on cryptocurrency exchanges.

The suspect has now been identified, and all digital evidence has been submitted for examination in preparation for an indictment.

You may also be interested in learning: How international cooperation helps expose large-scale cybercrimes and apprehend hackers

Joint efforts between law enforcement agencies from different countries are a key tool in combating transnational cyber threats, as attackers are often thousands of kilometers away from their immediate victims.

For example, thanks to the coordinated work of detectives from the United States, Germany and Ukraine, it was possible to expose a large-scale hacking network that attacked American corporations, blocked their servers and demanded ransoms in cryptocurrency. This operation proved that even well-organized groups with a division of roles cannot operate in the shadows with impunity if international forces unite against them.

This is not the first time that individual Ukrainian hackers have come into the sights of world intelligence agencies due to the development and distribution of dangerous software. The scale of such crimes forces international institutions to declare a global wanted list and attract enormous resources to neutralize them. In particular, Europol has included a 28-year-old Ukrainian citizen in the list of the most dangerous fugitives, and the USA has offered a record reward for his arrest, because this Ukrainian has become one of the most wanted criminals in the EU – due to causing billions of dollars in losses to global companies with the help of ransomware viruses.

Read about other cases in Ukraine and the world

In addition to high-tech hacker attacks, law enforcement agencies are actively eliminating other links to digital crime that threaten financial and information security both in Ukraine and abroad:

  • Large-scale fraudulent networks: In the Dnipropetrovsk region, security forces exposed large-scale call centers with over 1,500 jobs, whose operators used harsh psychological pressure to defraud people around the world, offering fake investments.
  • Information sabotage: To destabilize society, the enemy often uses fake accounts on social networks. Recently, a bot farm with 20,000 accounts was liquidated in Zhytomyr, which the organizer created to sell to Russian special services for the purpose of spreading propaganda and false bomb threats.
  • Legalization of illicit proceeds: Criminals often exploit people's vulnerable situations to launder money. For example, during a joint operation in Spain and Ukraine, it was revealed that Ukrainian refugees were being used in a fraudulent scheme, opening bank accounts for them to conduct millions of transactions on gambling platforms.