TL;DR
Law enforcement agencies across multiple countries have taken down a criminal VPN service believed to be secure by its users. The operation resulted in arrests, server dismantling, and the sharing of intelligence to support ongoing investigations.
European and international law enforcement agencies have successfully dismantled a criminal VPN service, arresting its administrator and seizing servers, after a years-long investigation. The operation revealed that users believed themselves to be protected, but authorities found and exploited vulnerabilities in the VPN infrastructure to gather intelligence and support ongoing cybercrime investigations.
According to Europol, the operation targeted the domain names 1vpns.com, 1vpns.net, 1vpns.org, and associated onion sites. Authorities conducted house searches in Ukraine, interviewed the administrator, and dismantled 33 servers linked to the service. The FBI noted that the VPN infrastructure was used to scan for open ports, services, and network configurations, potentially facilitating password spraying and brute-force attacks on exposed systems such as SSH, RDP, and web applications. Europol stated that the operation produced 83 intelligence packages and shared information on 506 users internationally, supporting 21 ongoing investigations. The coordinated actions involved authorities from France, the Netherlands, Luxembourg, Romania, Switzerland, Ukraine, and the UK, with support from multiple other countries including the US and Canada. The investigation, which started in December 2021, gained momentum in November 2023 after increased cooperation facilitated by Eurojust, leading to the joint operation in May.
Why It Matters
This development underscores the ongoing efforts by law enforcement to target cybercriminal infrastructure that users may mistakenly believe to be secure. Disrupting such VPN services can prevent further cyberattacks, data breaches, and illicit activities, while also exposing users who relied on these tools for anonymity. The operation highlights the importance of international cooperation in cybercrime enforcement and the potential consequences for users of criminal VPNs.
Unlock & Reset Tool for Ubiquiti® UniFi® Access Points & Cameras
Fast & Hassle-Free Removal – No more struggling with hard-to-release Ubiquiti access points.
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
The investigation into this VPN service began in December 2021, amid rising concerns over cybercrime facilitated by anonymizing networks. Europol’s announcement confirms that the operation represents a significant step in dismantling criminal infrastructure that exploited VPN technology to evade detection. The operation’s success follows years of intelligence gathering and coordination among multiple jurisdictions, culminating in the dismantling of servers and arrest of the administrator in May 2026.
“With the infrastructure dismantled and the administrator under arrest, investigators across multiple jurisdictions are now using the intelligence gathered to support ongoing cybercrime investigations worldwide.”
— Europol
“VPN infrastructure may be used to enumerate systems within a target network following initial access, and exit nodes can facilitate password spraying or brute-force attempts against exposed services.”
— FBI
“Support from Eurojust helped French and Dutch authorities work closely together, exchange evidence and information, and decide on a prosecutorial strategy.”
— Europol
Mullvad VPN | 12 Months for 5 Devices | No-Log Security VPN Service | Protect Your Privacy
PRIVACY-FIRST VPN: This 12-month Mullvad VPN code gives you a full year of privacy protection without monthly renewals….
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
While authorities have publicly disclosed the dismantling of the VPN service and the arrest of its administrator, details about the full extent of user activity, specific cybercrimes facilitated, and the identity of all affected users remain unclear. The precise technical vulnerabilities exploited and the full scope of ongoing investigations are still emerging.
Deeper Connect Mini(2026 Version) Decentralized VPN Router Lifetime Free for Travel Home Enterprise-Level Cybersecurity Wi-Fi Router with Dual Antennas Wi-Fi Adapter
1. True VPN Router – Network Protection for Every Device: This VPN router secures your entire homenetwork at…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Next steps include ongoing analysis of seized data, further international investigations into users and related infrastructure, and potential prosecutions. Authorities will likely continue monitoring for related cybercriminal activities and may issue additional notices to affected users.
Optimal Shop Network Cable Tester Test Tool RJ45 RJ11 RJ12 CAT5 CAT6 UTP USB LAN Wire Ethernet
100% new network tester, with LED lights and micro-power supply interface.
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What was the VPN service used for?
It was used by cybercriminals to hide their activities, scan networks, and facilitate attacks like password spraying and brute-force attempts on exposed services.
Are users of this VPN service now at risk?
Users have been notified that the service was shut down and that they have been identified, but specific risks depend on individual activity and whether their data was compromised.
Will there be legal consequences for users?
It is not yet clear if authorities will pursue prosecutions against individual users, but the investigation continues and more details may emerge.
What does this mean for other VPN services?
This demonstrates that law enforcement is actively targeting malicious VPN infrastructure, which could lead to increased scrutiny and disruptions of similar services.
Source: Ars Technica
