https://crimsonvector.com Investigations into bulletproof hosting ecosystems and criminal infrastructure operators. en-us Thu, 09 Apr 2026 00:00:00 GMT https://crimsonvector.com/research/oil-shock-crisis-fraud-2026/ https://crimsonvector.com/research/oil-shock-crisis-fraud-2026/ Thu, 09 Apr 2026 00:00:00 GMT Within weeks of the Strait of Hormuz closure, threat actors registered 1,435 crisis-themed domains — impersonating government subsidies, spinning up fake oil trading platforms, and squatting on Hormuz-related keywords. dparra@crimsonvector.com (Diego Parra) infrastructure https://crimsonvector.com/research/ransomnote-blockchain-trace-2026/ https://crimsonvector.com/research/ransomnote-blockchain-trace-2026/ Thu, 26 Mar 2026 00:00:00 GMT A single Bitcoin address from an automated database ransom attack is traced through 14 investigative phases across Bitcoin and Ethereum, uncovering a 3-year criminal operation with 307 victim-facing multisig wallets and a Binance-centric circular financial loop processing 107+ BTC. dparra@crimsonvector.com (Diego Parra) infrastructure sanctions-evasion https://crimsonvector.com/research/lighthouse-smishing-syndicate-2026/ https://crimsonvector.com/research/lighthouse-smishing-syndicate-2026/ Thu, 19 Mar 2026 00:00:00 GMT Three smishing specimens received over nine days reveal real-time template evolution and operational diversification by the Lighthouse phishing kit, operated by the China-based Smishing Triad. dparra@crimsonvector.com (Diego Parra) infrastructure https://crimsonvector.com/research/starbucks-yeti-phishing-2026/ https://crimsonvector.com/research/starbucks-yeti-phishing-2026/ Sun, 08 Mar 2026 00:00:00 GMT A Starbucks Yeti Rambler lure, five layered anti-spam evasion techniques, three Namecheap broker domains, and an affiliate scareware operation — all deobfuscated from a single email that Gmail trusted enough to put front and center. dparra@crimsonvector.com (Diego Parra) infrastructure https://crimsonvector.com/research/crypto-underground-2026/ https://crimsonvector.com/research/crypto-underground-2026/ Thu, 19 Jun 2025 00:00:00 GMT How cryptocurrency, underground banking, and state-sponsored illicit finance converge — from Russia's crypto laundromats and Chinese money brokers laundering for North Korea, to an FSB spy paid in Bitcoin and a U.S.-based crypto firm funneling $530 million for sanctioned Russian banks. dparra@crimsonvector.com (Diego Parra) infrastructure sanctions-evasion