The networks behind the networks.

Investigations into sanctions evasion, criminal infrastructure, and the offshore architectures that make them possible.

Recent Projects
Technical Research

Phishing the Sanctioned

OFAC designated Iran's four largest crypto exchanges; within days, Certificate Transparency caught a Persian-language seed-phrase phishing wave, one vertical of an industrial, bulletproof-hosted platform spanning some 60 exchanges and roughly 640 domains, ahead of every public reputation feed.

June 2026
Technical Research

A Free VPN for the Front

A free "VPN for Russian soldiers" is in fact Android spyware. We ran it in a sealed lab, followed it to a still-live, undetected C2, and mapped the APEX RENT phishing-as-a-service business and the bulletproof host behind it.

June 2026
Technical Research

14,600 and Climbing

A pre-kickoff census of the FIFA World Cup 2026 impersonation surge: the GHOST STADIUM phishing operation, a Hong Kong betting backbone, and an ecosystem that absorbed four advisories and kept growing.

June 2026
All projects →
Diego Parra

Diego Parra is the founder of CrimsonVector, an investigative research practice focused on sanctions evasion, criminal infrastructure, and the offshore architectures that enable them. Work spans both technical cyber threat intelligence and long-form investigative journalism.

More about CrimsonVector →

Get notified when new investigations are published.