
Police seize “First VPN” service used in ransomware, data theft attacks

Why This Matters

The takedown of 'First VPN' highlights the ongoing efforts by international law enforcement to combat cybercrime facilitated by anonymizing services. It underscores the importance of monitoring and regulating VPN providers that may be exploited for malicious activities, impacting both cybersecurity and user privacy. This operation demonstrates the evolving landscape of cyber threats and the need for robust investigative techniques to protect digital infrastructure.

Key Takeaways

A virtual private network service called 'First VPN,' used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation.

Authorities have seized dozens of First VPN servers located in 27 countries, arrested the administrator, and conducted a house search in Ukraine.

The VPN service was advertised on various cybercrime forums as a privacy-focused VPN that does not log user data and ignores law enforcement requests for user information.

VPN tools encrypt users’ traffic and hide their real IP addresses. While they are used legitimately to protect privacy on public WiFi, bypass censorship, reduce tracking, and enable secure remote work, threat actors also rely on them to hide their location and infrastructure.

Depending on the region they operate in, VPN providers may be legally required to comply with law enforcement requests and hand over any data they retain for criminal investigations.

According to Europol, the name of the service came up in almost every major cybercrime investigation the agency supported. Europol says that First VPN names have been shut down.

Seizure notice published on a First VPN website

Source: BleepingComputer

The investigation into the service started in December 2021 and was led by the French and Dutch authorities, who formed a joint investigation team in November 2023.

At some point, the investigators infiltrated the VPN infrastructure before it went offline and collected traffic data that enabled them to identify users of the service.
