Operation Saffron: First VPN Dismantled in Major Cybercrime Takedown

Operation Saffron: First VPN Dismantled in Major Cybercrime Takedown

First seen 21 May 2026, 16:20 UTC Bleepingcomputerwww.politie.nlFeeds2.FeedburnerComputerweeklyInfosecurity-Magazine+24 90% similarity 76.5

Article Content

Browse articles
ThreatCluster

On May 19-20, 2026, an international law enforcement operation, dubbed Operation Saffron, successfully dismantled First VPN, a virtual private network service heavily utilized by cybercriminals for ransomware, fraud, and data theft. Led by French and Dutch authorities, with support from Europol and Eurojust, the operation resulted in the seizure of 33 servers and the arrest of the service's administrator in Ukraine. First VPN was known for providing anonymity to its users, facilitating illicit activities by masking their identities and infrastructure. The investigation, which began in December 2021, revealed that First VPN had been involved in nearly every major cybercrime investigation supported by Europol in recent years. Authorities identified and notified 506 users linked to cybercriminal activities, disseminating 83 intelligence packages to aid ongoing investigations. This operation marks a significant milestone in the fight against cybercrime, showcasing the effectiveness of international collaboration.

Key Points: • First VPN, a VPN service used by cybercriminals, was taken offline during Operation Saffron. • The operation involved 18 countries and resulted in the arrest of the service's administrator in Ukraine. • Authorities identified 506 users linked to cybercrime and shared intelligence across jurisdictions.

ThreatCluster AI

Timeline

2021-12-01
Investigation into First VPN launched
French and Dutch authorities began investigating First VPN, focusing on its use by cybercriminals.
Bitdefender
2023-11-01
Joint Investigation Team established
A Eurojust Joint Investigation Team was formed to coordinate prosecutorial strategies across jurisdictions.
Bitdefender
2026-05-19
Operation Saffron action days
Law enforcement agencies conducted coordinated actions to dismantle First VPN, seizing servers and domains.
Computerweekly
2026-05-20
First VPN administrator arrested
The administrator of First VPN was arrested during the operation, which involved multiple countries.
Techcrunch
2026-05-21
Operation Saffron announced
Europol and participating countries announced the successful takedown of First VPN, highlighting its impact on cybercrime.
Bleepingcomputer

Community

Browse all →