The suspects, aged 27-29, are accused of extorting over 1,000 victims worldwide, causing financial damages exceeding US$16 million (more than B545mn), police reported.
The operation, carried out yesterday (Feb 10), was led by CCIB Commander Pol Lt Gen Trairong Phiwpaen alongside senior officers from the Immigration Bureau and Region 8 Police.
Officers from the three branches of Royal Thai Police raided locations in Muang and Thalang Districts, apprehending the four Russian nationals and seizing over 40 pieces of evidence, including mobile phones, laptops and digital wallets.
According to Pol Lt Gen Trairong, the arrests followed an urgent request from the Swiss government and the United States, which sought Thailand’s cooperation in extraditing individuals involved in international cybercrime.
The US has cited its charges as conspiracy to commit an offense against the United States and conspiracy to commit wire fraud, said an official report of the raids.
The suspects, who were under international police warrants, had entered Thailand and operated as part of a transnational criminal organisation, Lt Gen Trairong said.
Lt Gen Trairong did not name the four suspects. While some reports of the raids said that all four suspects arrested were men, photos of the arrests provided by the CCIB showed what appeared to two men and two women arrested.
Investigations revealed that between Apr 30, 2023 and Oct 26, 2024, the group used the Phobos ransomware to attack at least 17 companies in Switzerland.
The hackers accessed and encrypted critical data, demanding ransom payments in cryptocurrency in exchange for decryption keys. Victims who refused to pay were subjected to further threats, including warnings of data leaks or sales.
Authorities also discovered that the suspects used Ming-Service, a cryptocurrency mixing service, to obscure transaction trails on the blockchain, making it difficult to track illicit payments. The global scope of the attacks resulted in financial damages amounting to over US$16 million, Lt Gen Trairong noted.
Following extensive investigations, the CCIB pinpointed the suspects’ hideout in Phuket. A coordinated operation with immigration and local law enforcement led to their swift capture. The suspects now face charges including conspiracy to commit an offense against the United States and conspiracy to commit wire fraud.
Officials have confirmed ongoing legal proceedings for their extradition and further investigation into their criminal network. Lt Gen Trairong did not clarify whether the four will be extradited to either Switzerland or the United States.