Deputy Assistant Secretary and Assistant Director of the Diplomatic Security Service for Cyber & Technology Security Bureau of Diplomatic Security

The 43-year-old Russian national ran a ransomware operation that impacted more than 1,000 victims globally. The conspiracy netted more than $39 million in extortion payments.

Microsoft, which led the effort, said it seized 330 domains that powered the phishing platform’s core infrastructure. The alleged creator was also named in a civil complaint.

The marketplace was one of the world’s largest hubs for cybercrime with more than 142,000 members. Officials identified and arrested multiple suspects after seizing the site’s database.

Researchers traced the kit moving from a spyware vendor’s customer to Russian hackers to Chinese cybercriminals.

Brett Leatherman is running the bureau's most public cyber campaign yet, pushing basic security hygiene while quietly preparing industry for stepped-up Chinese threats.

Officials said 30 perpetrators have been arrested in the past year, and global law enforcement cooperation is closing the gap.

Lesley Bernys Executive Director, DOD Cyber Crime Center & Jeffrey Hunt Global Operations Branch Chief, DOD Cyber Crime Center

Too many defenders and researchers are paying attention to defects and unsubstantiated exploit concepts that aren’t worth their time, VulnCheck’s Caitlin Condon said.

The average time from intrusion to network movement in 2025 was 29 minutes, a 65% increase in speed from the year prior.