Operation Saffron, a joint effort led by authorities from France and the Netherlands with support from Europol, the UK’s National Crime Agency (NCA), and cybersecurity firm Bitdefender, successfully dismantled a popular virtual private network (VPN) used by cyber criminals for illegal activities like data exfiltration, ransomware attacks, and fraud.
First VPN, a service heavily favored by Russian-speaking threat actors, was a key tool in concealing malicious online activities from law enforcement. The operators of First VPN provided services such as anonymized payments and hidden infrastructure to enable cyber criminals to operate with impunity. However, the takedown of First VPN in Operation Saffron has disrupted their operations and removed a crucial layer of protection they relied on for anonymity.
Bitdefender expressed satisfaction with the outcome of the operation, highlighting the importance of collaboration between public and private sectors in combating illegal online activities. Operation Saffron also sends a clear message to cyber criminals that they cannot hide behind the dark web and remain anonymous when targeted by international law enforcement efforts.
This operation marked the first time Bitdefender Labs’ virtual Draco Team unit participated in a counter-VPN action, adding to their track record of successful operations against cyber threats such as botnets and ransomware gangs.
The operation, which took place on 19 and 20 May, resulted in the arrest of First VPN’s administrator in Ukraine, the dismantling of 33 servers, and the seizure of multiple domain names associated with the service. The investigation leading to the takedown spanned over four years and provided valuable intelligence on cyber criminals using the VPN service.
Industry experts, including John Watters from iCounter and Michael Jepson from CybaVerse, emphasized the significance of disrupting the infrastructure that supports cybercrime. By targeting not only individual criminals but also the services that enable their activities, law enforcement can disrupt entire networks of criminal operations and prevent further attacks.
The successful takedown of First VPN in Operation Saffron demonstrates the effectiveness of collaborative efforts in combating cybercrime and sends a strong message to cyber criminals that their illegal activities will not go unpunished.
