An international coalition of law enforcement agencies, including the FBI and Europol, has successfully dismantled "First VPN," a virtual private network widely used by hackers, and arrested its administrator. [1]
According to an FBI alert, the service was highly popular within the cybercrime ecosystem, providing infrastructure for "at least" 25 ransomware gangs to conceal their malicious activities. Beyond ransomware, threat actors utilized First VPN to scan the internet, manage botnets, execute distributed denial-of-service (DDoS) attacks, and run large-scale financial scams across 27 countries. [1, 2]
Europol stated that the platform specifically catered to criminal hackers by offering hidden infrastructure and anonymous payment methods alongside encrypted connections. The service had become deeply embedded in global cybercrime, appearing in nearly every major multi-national investigation supported by Europol in recent years. [1]
First VPN actively marketed itself on underground Russian-speaking cybercrime forums, promising strict no-log policies to ensure total anonymity. Despite these marketing claims, investigators managed to breach and acquire the service's internal user database. This breakthrough exposed thousands of active users and allowed authorities to send notifications to hackers informing them that they have been identified. [1, 2, 3, 4, 5]
The coordinated takedown resulted in the dismantling of dozens of servers and the complete disruption of First VPN’s core infrastructure. Authorities revealed that the successful operation was the culmination of a complex, long-term investigation that originally began in December 2021. [1, 2]
