A 47-year-old man arrested by police in Poland for allegedly being involved in cybercriminal activities has been linked to the Phobos ransomware operation.
According to Poland’s Central Cybercrime Bureau, officers found hacking tools, credentials, payment card numbers, and server IP addresses on the unnamed suspect’s devices during a search.
They also discovered that the suspect had exchanged messages with the Phobos ransomware group.
While authorities have not shared details about his potential role in the Phobos operation, the brief description from the Central Cybercrime Bureau suggests he may have been an affiliate rather than an operator.
The Phobos ransomware-as-a-service operation emerged in 2019. In early 2024, the US government warned critical infrastructure organizations about its attacks.
The United States and Europe have since announced significant action against the Phobos operation.
The international law enforcement operation involved infrastructure takedowns and the arrests of several Russian nationals believed to have been key members and affiliates of the cybercrime gang.
One suspect, accused of selling, distributing, and operating the Phobos ransomware, was extradited from South Korea to the US in late 2024.
According to authorities, more than 1,000 organizations around the world have been targeted in Phobos ransomware attacks and the cybercriminals are believed to have obtained over $16 million in ransom payments.

