European authorities have successfully dismantled a notorious virtual private network service known as First VPN, which had become a favored tool among cybercriminals for concealing their activities. The operation, spearheaded by France and the Netherlands with support from Europol, Eurojust, and eight other countries, led to the arrest of the alleged administrator in Ukraine and the seizure of 33 servers and multiple domains associated with the service. First VPN was widely promoted on Russian-speaking cybercrime forums and had been linked to numerous high-profile cybercrime investigations.
Europol's European Cybercrime Centre's head, Edvardas Šileris, emphasized that cybercriminals had long used this VPN service to operate under the radar, believing it provided them anonymity from law enforcement. The takedown of First VPN dismantles a significant protective layer on which these criminals relied. Intelligence gathered during the operation has already identified thousands of users connected to cybercrime activities, potentially linking them to ransomware attacks and fraud schemes.
Following the seizure, users of First VPN were notified about the shutdown and informed that their identities are now known to authorities. This development marks a significant blow to cybercriminal networks and highlights the effectiveness of international collaboration in combating cybercrime. The intelligence gathered is now being utilized to support 21 additional investigations across various jurisdictions, showcasing the far-reaching impact of this operation. Investigations into First VPN began in earnest in November 2023, with evidence shared among 16 countries to bolster data analysis efforts and aid ongoing inquiries.


