TL;DR

Law enforcement agencies across multiple countries have taken down a criminal VPN service believed to be secure by its users. The operation resulted in arrests, server dismantling, and the sharing of intelligence to support ongoing investigations.

European and international law enforcement agencies have successfully dismantled a criminal VPN service, arresting its administrator and seizing servers, after a years-long investigation. The operation revealed that users believed themselves to be protected, but authorities found and exploited vulnerabilities in the VPN infrastructure to gather intelligence and support ongoing cybercrime investigations.

According to Europol, the operation targeted the domain names 1vpns.com, 1vpns.net, 1vpns.org, and associated onion sites. Authorities conducted house searches in Ukraine, interviewed the administrator, and dismantled 33 servers linked to the service. The FBI noted that the VPN infrastructure was used to scan for open ports, services, and network configurations, potentially facilitating password spraying and brute-force attacks on exposed systems such as SSH, RDP, and web applications. Europol stated that the operation produced 83 intelligence packages and shared information on 506 users internationally, supporting 21 ongoing investigations. The coordinated actions involved authorities from France, the Netherlands, Luxembourg, Romania, Switzerland, Ukraine, and the UK, with support from multiple other countries including the US and Canada. The investigation, which started in December 2021, gained momentum in November 2023 after increased cooperation facilitated by Eurojust, leading to the joint operation in May.

Why It Matters

This development underscores the ongoing efforts by law enforcement to target cybercriminal infrastructure that users may mistakenly believe to be secure. Disrupting such VPN services can prevent further cyberattacks, data breaches, and illicit activities, while also exposing users who relied on these tools for anonymity. The operation highlights the importance of international cooperation in cybercrime enforcement and the potential consequences for users of criminal VPNs.

Privacy Tools in the Age of AI: Practical Strategies with VPNs, Secure DNS, Private Relay and Intelligent Defenses (Build Your Own VPN)

Privacy Tools in the Age of AI: Practical Strategies with VPNs, Secure DNS, Private Relay and Intelligent Defenses (Build Your Own VPN)

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background

The investigation into this VPN service began in December 2021, amid rising concerns over cybercrime facilitated by anonymizing networks. Europol’s announcement confirms that the operation represents a significant step in dismantling criminal infrastructure that exploited VPN technology to evade detection. The operation’s success follows years of intelligence gathering and coordination among multiple jurisdictions, culminating in the dismantling of servers and arrest of the administrator in May 2026.

“With the infrastructure dismantled and the administrator under arrest, investigators across multiple jurisdictions are now using the intelligence gathered to support ongoing cybercrime investigations worldwide.”

— Europol

“VPN infrastructure may be used to enumerate systems within a target network following initial access, and exit nodes can facilitate password spraying or brute-force attempts against exposed services.”

— FBI

“Support from Eurojust helped French and Dutch authorities work closely together, exchange evidence and information, and decide on a prosecutorial strategy.”

— Europol

TunnelBear VPN, Unlimited Devices, 1-Year Subscription, VPN Software for Internet Privacy, Unlimited Data, Digital Download

TunnelBear VPN, Unlimited Devices, 1-Year Subscription, VPN Software for Internet Privacy, Unlimited Data, Digital Download

A MORE SECURE AND PRIVATE WAY TO BROWSE THE WEB – Protect your data with powerful VPN encryption…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

What Remains Unclear

While authorities have publicly disclosed the dismantling of the VPN service and the arrest of its administrator, details about the full extent of user activity, specific cybercrimes facilitated, and the identity of all affected users remain unclear. The precise technical vulnerabilities exploited and the full scope of ongoing investigations are still emerging.

McAfee Total Protection 3-Device | AntiVirus Software 2026 for Windows PC & Mac, AI Scam Detection, VPN, Password Manager, Identity Monitoring | 1-Year Subscription with Auto-Renewal | Download

McAfee Total Protection 3-Device | AntiVirus Software 2026 for Windows PC & Mac, AI Scam Detection, VPN, Password Manager, Identity Monitoring | 1-Year Subscription with Auto-Renewal | Download

DEVICE SECURITY – Award-winning McAfee antivirus, real-time threat protection, protects your data, phones, laptops, and tablets

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

What’s Next

Next steps include ongoing analysis of seized data, further international investigations into users and related infrastructure, and potential prosecutions. Authorities will likely continue monitoring for related cybercriminal activities and may issue additional notices to affected users.

VXSCAN Network Cable Tester, Wire Fault Finder for Cat5, Cat6, 5e, 6e, Locate The Breakage Point, Length Measurement, Continuity Checking with 8 Remote Units

VXSCAN Network Cable Tester, Wire Fault Finder for Cat5, Cat6, 5e, 6e, Locate The Breakage Point, Length Measurement, Continuity Checking with 8 Remote Units

【Accurate Measurement】 This network cable tester performs continuity testing to help you quickly verify if your cable is…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

What was the VPN service used for?

It was used by cybercriminals to hide their activities, scan networks, and facilitate attacks like password spraying and brute-force attempts on exposed services.

Are users of this VPN service now at risk?

Users have been notified that the service was shut down and that they have been identified, but specific risks depend on individual activity and whether their data was compromised.

It is not yet clear if authorities will pursue prosecutions against individual users, but the investigation continues and more details may emerge.

What does this mean for other VPN services?

This demonstrates that law enforcement is actively targeting malicious VPN infrastructure, which could lead to increased scrutiny and disruptions of similar services.

Source: Ars Technica

You May Also Like

Microsoft’s Xbox to Cut 3,200 Jobs, Divest Five Studios in Major Overhaul

Microsoft’s Xbox division plans to eliminate 3,200 jobs and divest five game studios as part of a major restructuring, confirmed by Bloomberg sources.

Meta’s CTO says morale is almost ‘the worst it’s ever been’

Meta’s CTO has publicly stated that employee morale is approaching its lowest point, raising concerns about internal stability amid ongoing company challenges.

ShinyHunters · The New APT Model.

ShinyHunters has evolved into a scalable, AI-enabled extortion collective operating as a distributed APT, marking a shift from traditional threat actors.

CTOs Are Escaping

Senior CTOs and technical leaders are shifting from traditional SaaS companies to Anthropic, seeking hands-on roles in AI model development and research.