Three police operations strike Crimenetwork, Manson Market and MATRIX criminal platform

Threat Discovery Telsy TS WAY Cyber Threat Intelligence

Threat Discovery is an editorial space of Telsy and TS-WAY dedicated to in-depth analysis in cyber threat intelligence at the global level.

The information reported is the outcome of the collection and analysis work done by TS-WAY specialists for the TS-Intelligence platform.

In this article we provide details of three separate international police operations revealed in early December that led to the seizure of two online criminal markets and a messaging platform designed for illegal activities.

 

Online marketplace Crimenetwork seized

Telsy intelligence bitcoinOn Dec. 3, 2024, the Frankfurt am Main Public Prosecutor’s Office, the Federal Criminal Police Office (BKA), and the Central Office for Combating Cybercrime (ZIT) announced the deactivation of the servers of the Crimenetwork platform and the arrest of one of the administrators.

Crimenetwork, active since 2012, was considered the largest German-language online marketplace for the underground economy, with over 100,000 users and more than 100 sellers. It is believed to have provided support for the exchange of illegal goods and services, particularly stolen data, illicit substances and forged documents.

Between 2018 to 2024, Crimenetwork recorded profits of at least 1,000 BTC (at the time, about 90 million euros) and more than 20,000 XMR (at the time, about 3 million euros). The platform operators were reserving commissions of between 1% and 5 %of the value of sales.

Authorities seized evidence, vehicles, and cryptocurrencies worth about €1 million.

 

Criminal network that populated Manson Market dismantled

Twenty-four hours later from that first publication, the Lower Saxony Public Prosecutor’s Office and the Central Office for Cybercrime at the Prosecutor’s Office in Verden, Germany, have made public an investigation that uncovered a sophisticated network responsible for facilitating large-scale online fraud.

Telsy intelligence creditoThe operation-led by Germany, in close cooperation with Europol and police forces from Austria, the Czech Republic, Finland, the Netherlands, and Poland-began in the fall of 2022, following reports of a vishing campaign in which fraudsters posed as bank employees and aimed to extort sensitive information, such as addresses, dates of birth, or answers to security questions.

Criminals also exploited a complex network of fraudulent trading platforms that directed buyers to phishing sites where personal and banking information was exfiltrated.

This information was then traded on Manson Market, a platform designed to facilitate the selection of data of interest by potential buyers. Specifically, to maximize revenue, sellers would make customized data packages available to customers.

Manson Market also operated through the freestuffbymanson channel-activated in a popular legitimate messaging service-where stolen credit card details were shared for free.

Infrastructure connected to the market and fake online stores was dismantled in Germany, Finland, the Netherlands, and Norway. Law enforcement seized more than 50 servers and managed to collect more than 200 terabytes of digital evidence. Two individuals suspected of connections to Manson Market were arrested in Germany and Austria on European arrest warrants and are in custody.

 

MATRIX criminal messenger deactivated

Also on Dec. 3, Europol and the Dutch Police notified the deactivation of a sophisticated encrypted messaging service called MATRIX, which has nothing to do with the open source and decentralized protocol of the same name, which continues to operate in perfect legality.

MATRIX (aka Mactrix, Totalsec, X-quantum and Q-safe) was discovered in 2021 by Dutch authorities on the phone of an individual convicted of the murder of journalist Peter R. de Vries and is described as a solution created by criminals for criminal use.

Telsy intelligence matrixThe service provided communications protected by end-to-end encryption and the ability to surf the Internet anonymously. Its infrastructure consisted of more than 40 servers, located in several European countries, the most important of which were in France and Germany.

Would-be users could take out a six-month subscription-at prices ranging between 1,300 and 1,600 euros-only if invited and given a phone on which the application was installed.

The operation was conducted by a joint investigation team (JIT) involving French and Dutch Authorities, with support from Eurojust and Europol. The Operational Task Force (OTF), established in June 2024, involved the Netherlands, France, Lithuania, Italy, Germany, and Spain. Searches and arrests took place in France, Spain, and the Netherlands.

Investigators hacked MATRIX servers and monitored users’ messages for three months. Overall, more than 2.3 million messages in 33 languages were intercepted and decrypted, many of them related to serious crimes such as international drug trafficking, arms trafficking and money laundering.

In addition, assets worth more than 15 million euros were seized and a Lithuanian national, the alleged owner and operator of the service, and a Dutchman who allegedly actively participated in the service for a limited time, were arrested.

An estimated 8,000 users were activated globally. A “splash page” notifying the outcome of the operation was sent on the phones intercepted by the Police.

 

Telsy and TS-WAY

Telsy_TS WAYTS-WAY is a company that develops technologies and services for medium and large-sized organizations, with a unique in Italy for cyber threat intelligence expertise. Founded in 2010, TS-WAY has been part of Telsy since 2023.

Is configured as an effective extension of the client organization, supporting the in-house team for intelligence and investigation activities, cyber incident response, and systems security verification activities.

TS-WAY’s experience is internationally recognized and is corroborated by large private organizations in finance, insurance, defense, energy, telecommunications, transportation, and technology, and by government and military organizations that have used the services of this Italian company over time.

 

TS-WAY’s Services and Solutions

With several vertical teams of security analysts and researchers with technical and investigative expertise, and internationally recognized experience, TS-WAY provides all the assistance needed to align an organization’s security program with its risk management objectives.

Its services offer a preventive and comprehensive approach to security to protect clients’ assets and business continuity.

Its technology solutions transform global threat data into strategic, tactical, operational, and technical intelligence.

 

TS-Intelligence

TS-Intelligence_Telsy_Platform-2TS-Intelligence is a proprietary, flexible, and customizable solution that provides organizations with a detailed risk landscape.

It is presented as a Web-usable, full-API platform that can be operated within an organization’s defensive systems and infrastructure, to strengthen protection against complex cyber threats.

Constant research and analysis on threat actors and emerging networked threats, both in APT and cybercrime, produces a continuous information flow of an exclusive nature that is made available to organizations in real-time and processed into technical, strategic, and executive reports.

 

Learn more about TS-WAY’s services.