Independent investigations into sanctions evasion, criminal infrastructure operators, and the financial architecture of Latin American organized crime.
Within weeks of the Strait of Hormuz closure, threat actors registered 1,435 crisis-themed domains — impersonating government subsidies, spinning up fake oil trading platforms, and squatting on Hormuz-related keywords.
A single Bitcoin address is traced through 14 investigative phases across Bitcoin and Ethereum, uncovering a 3-year criminal operation with 307 victim-facing multisig wallets and a Binance-centric circular financial loop processing 107+ BTC.
Three smishing specimens received over nine days reveal real-time template evolution and operational diversification by the Lighthouse phishing kit, operated by the China-based Smishing Triad.
A Starbucks Yeti Rambler lure, five layered anti-spam evasion techniques, three Namecheap broker domains, and an affiliate scareware operation — all deobfuscated from a single email that Gmail trusted enough to put front and center.
CrimsonVector is Diego Parra's investigative research practice.
The focus is the persistent infrastructure underneath cybercrime and financial crime: the operators, hosting ecosystems, and financial conduits that outlast individual breaches, indictments, and enforcement actions. The unit of analysis is the network, not the incident.
Three areas anchor the work: sanctions evasion and shadow finance infrastructure; bulletproof hosting and criminal infrastructure operators; and Latin American organized crime and cyber-enabled financial operations. The Latin America focus draws on Diego's background — Colombian and Mexican-American — and on the gap that bilingual primary-source research can fill in the English-language CTI literature. Italian, retained from a year spent studying in Italy, supports periodic work on European financial intermediaries.
Diego works in cybersecurity at a financial services firm in the southeastern United States. CrimsonVector is independent of that work; no employer data, telemetry, or incidents inform what's published here.
For tips, source communication, research collaboration, or speaking inquiries.
CrimsonVector does not solicit or accept paid placements, sponsored content, or advertorial work.