Overview
The sophistication of cybercrime has forced law‑enforcement agencies worldwide to coordinate increasingly publicised operations. Yet, no single source has aggregated these actions into a cohesive picture. This article summarises a newly built dataset of 418 publicly announced law‑enforcement activities from 2021 to mid‑2025, collected and enriched by Orange Cyberdefense.
Dataset Highlights
Each entry records the type of enforcement action (arrest, extradition, takedown, seizure, sanction, etc.), the illicit activity targeted (extortion, malware, hacking, espionage, fraud, money laundering, etc.), and contextual details such as involved agencies, offender age and nationality when available.
Top Criminal Acts Targeted
- Extortion (including ransomware) – most frequently addressed
- Installation/Distribution of Malware
- Unauthorized Access / Hacking
- Cyber Espionage
- Dark‑Web Marketplace / Infrastructure
- Fraud
- Data/Information Trafficking
- Cryptocurrency Misuse
- Money Laundering
These three categories (extortion, malware, hacking) account for the majority of law‑enforcement focus.
Enforcement Action Distribution
- Arrests – 29% (largest share)
- Takedowns – 17%
- Charges – 14%
- Sentences – 11%
- Sanctions – 7% (steady increase)
- Seizures – 4%
Arrests dominate across most crime types, especially cyber‑extortion (22 arrests) and hacking (19 arrests). Takedowns are strongly linked to dark‑web sites and malware infrastructure, while sanctions are mainly tied to state‑aligned espionage operations.
Geographic Participation
- United States – primary participant in ~45% of actions (DOJ, FBI)
- Core EU cluster – Germany, United Kingdom, France, Spain, Netherlands, Ukraine, Russia
- Other notable contributors – Australia, Singapore, Japan, Nigeria
EU agencies (Europol, Eurojust) illustrate a coordinated cross‑border approach.
Offender Demographics
Age groups with the most data:
- 18‑24 years – diverse, technically oriented (hacking 30%, data theft & DDoS 10% each)
- 25‑34 years – profit‑driven (data theft 21%, extortion 14%, malware 12%)
- 35‑44 years – highest diversity; extortion 22%, malware 19%, espionage 13%, hacking 10%, money laundering 7%
Nationality (365 cases): Russian (23%), American (11%), Chinese (11%), Ukrainian (9%), North Korean (5%). The top five nationalities represent 58% of identified offenders.
Public‑Private Collaboration
Private organizations appear among the top three participants, with 74 distinct companies supporting operations. This underscores the essential role of public‑private partnerships in cybercrime disruption.
Conclusions
The dataset shows an increasingly active and diversified global response to cybercrime. Law‑enforcement actions focus on financially motivated crimes (extortion, ransomware, malware) while also targeting enablers such as dark‑web infrastructure and money‑laundering channels. The United States leads in visibility, but Europe, Asia and other regions contribute substantially. Offender profiles reveal a shift from exploratory hacking in younger adults to profit‑oriented extortion and espionage in older cohorts. Public‑private cooperation is now a cornerstone of effective disruption.