KrebsOnSecurity Turns 16: A Milestone in Cybersecurity

Summary

– KrebsOnSecurity celebrated its 16th anniversary, highlighting a 2025 theme of “comeuppance” for entities enabling global cybercrime.
– The site’s investigative reporting led to sanctions and fines against key enablers like Stark Industries, Cryptomus, and Funnull for facilitating cyberattacks, money laundering, and scams.
– Major coverage areas included phishing/smishing operations, the fallout from the 2022 LastPass breach, and the takedown of long-running services like Heartsender.
– The site and the internet faced record-breaking DDoS attacks from botnets like Aisuru, which later evolved into the massive Kimwolf botnet focused on proxy services.
– KrebsOnSecurity announced upcoming 2026 investigations into the Kimwolf botnet’s origins and its invasive spread, while thanking readers for their support.

KrebsOnSecurity.com marks its sixteenth year as a leading voice in cybersecurity journalism, a milestone made possible by its dedicated readership. The past year has been defined by a powerful theme of accountability, with investigative efforts focused on exposing the complex global networks that enable cybercrime. This work has directly contributed to significant regulatory actions and sanctions against key enablers, demonstrating the tangible impact of thorough, persistent reporting.

One major investigation centered on Stark Industries Solutions Ltd., a bulletproof hosting provider that launched just before Russia’s invasion of Ukraine. This service became a critical hub for Kremlin-linked cyberattacks and disinformation campaigns. While the European Union later sanctioned the company and its owners, follow-up reporting revealed these penalties have done little to stop their operations. The proprietors have simply rebranded and shifted substantial network assets to other entities under their control.

The site also profiled Cryptomus, a Canadian-registered financial firm that served as the preferred payment processor for numerous Russian cryptocurrency exchanges and cybercrime service websites targeting Russian speakers. In a significant enforcement action, Canadian regulators ruled in late 2025 that Cryptomus had committed gross violations of anti-money laundering laws, resulting in a record-breaking fine of $176 million.

Research into a series of high-value cyberheists traced the attacks back to the 2022 breach of the password manager LastPass. Thieves allegedly cracked stolen master passwords, leading to losses across dozens of victims. This conclusion was later corroborated in a March 2025 U.S. federal court filing related to a separate $150 million cryptocurrency theft investigation.

Phishing operations received extensive coverage, including a deep dive into the daily workings of voice phishing gangs that execute convincing and costly cryptocurrency scams. Another series of reports dissected the relentless wave of SMS phishing, or “smishing,” originating from China-based phishing kit vendors. These kits simplify the process of converting stolen payment card data into mobile wallets from major tech companies. In response, Google has initiated multiple John Doe lawsuits in an attempt to dismantle these syndicates.

Earlier this year, the site highlighted the Funnull content delivery network, a sprawling service that helped Chinese gambling and money laundering sites distribute their infrastructure across U.S. cloud providers. Months later, the U.S. government sanctioned Funnull, identifying it as a primary source of “pig butchering” investment and romance scams.

Long-running investigations also saw results, such as the arrest in Pakistan of 21 individuals allegedly linked to the Heartsender phishing service, a group first profiled by KrebsOnSecurity a decade ago. The arrests followed server seizures by international law enforcement, and many of those detained had been previously identified after accidentally infecting their own computers with malware that revealed their real identities.

The site continues to monitor the world’s most disruptive botnets, which unleashed distributed denial-of-service (DDoS) attacks this year at unprecedented scale. In June, KrebsOnSecurity.com itself was targeted by the largest DDoS attack Google had ever mitigated at that time. Experts attributed the assault to the Aisuru botnet, a rapidly growing network of compromised Internet of Things devices. Subsequent attacks attributed to Aisuru repeatedly shattered previous size records.

By October, it seemed the criminals behind Aisuru had pivoted from DDoS attacks to a more profitable venture: renting out hundreds of thousands of infected IoT devices to proxy services that anonymize malicious traffic. However, recent analysis suggests that some of the disruptive activity blamed on Aisuru may actually be the work of a separate, even more powerful botnet known as Kimwolf. A Chinese security firm now profiles Kimwolf as the world’s largest and most dangerous botnet, controlling approximately 1.83 million devices. Intriguingly, the botnet’s author appears to have an “obsessive” fixation on journalist Brian Krebs, embedding related easter eggs within the malware.

Upcoming reporting for 2026 will delve into the origins of the Kimwolf botnet and its highly invasive propagation methods. The first story in this series will include an important global security notification concerning devices and residential proxy services unknowingly contributing to Kimwolf’s expansion.

The ongoing work at KrebsOnSecurity is supported directly by its audience. Readers who value the content are encouraged to consider allowing ads on the site, which are limited to a handful of static, in-house vetted images with no third-party content. Additionally, signing up for the plain-text email newsletter ensures immediate notification of new stories, with a commitment to privacy and no surveys or promotions.

Thank you for another year of readership and support. Here’s to a safer new year for everyone.

(Source: KrebsOnSecurity)
