Based off of what I am reading it sounds like two of them were in either the US or Finland. Tarasov has not been caught and remains at large.

Where they screwed up was they essentially tried to rebrand Blender.io as Sinbad.io using the same infrastructure which was seized in Finland. Blender had been sanctioned by the US back in 2022 for allowing the Lazarus Group to launder their proceeds from the Axie hack so relaunching it was clearly a crime. Not to mention it was easily traced from what I can tell.