First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Key Points:

• Authorities have dismantled First VPN, a criminal VPN service used by at least 25 ransomware groups to obscure their activities, including ransomware attacks and data theft.
• The operation, which involved multiple countries, resulted in the seizure of 33 servers and the arrest of the service's administrator, impacting the infrastructure that facilitated criminal activities globally.
• Organizations are advised to enhance monitoring of network traffic and investigate any potential use of similar VPN services by threat actors within their environments.

Technical Details: First VPN provided services specifically designed for criminal use, allowing anonymous payments and connections via protocols like OpenConnect and WireGuard. It accepted various payment methods including Bitcoin and offered encryption options like OpenVPN ECC.

MITRE ATT&CK Techniques:

• None mentioned

IOCs Mentioned:

• None mentioned