Operation Phobos Aetor takes down 8Base; Russian operators arrested in Phuket
Russian-speaking ransomware-as-a-service operation that emerged in 2022 as a Phobos affiliate, deploying a modified Phobos encryptor with double-extortion tactics. Targeted small and medium-sized bus…
Summary
International operation coordinated by the U.K. NCA, FBI, Europol, and police agencies from Bavaria, Belgium, Czechia, France, Germany, Japan, Romania, Spain, Switzerland, and Thailand seized 8Base's leak site and negotiation infrastructure. Four European nationals (two men, two women) were arrested in Phuket; Russian nationals Roman Berezhnoy (33) and Egor Nikolaevich Glebov (39) were named as the operators of 8Base / Affiliate 2803. Japan's NPA subsequently released a free decryptor for 8Base / Phobos victims. The action was the largest multi-jurisdiction Phobos-affiliate takedown to date, ending an operation that had claimed 1,000+ victims and an estimated $16M in extortion proceeds.