4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree
A group of four Vietnamese nationals associated with the FIN9 cybercrime syndicate have been formally charged in the United States for their participation in a string of cyber intrusions resulting in over $71 million in economic damages to corporations.
The accused individuals, Ta Van Tai (also called Quynh Hoa and Bich Thuy), Nguyen Viet Quoc (also known as Tien Nguyen), Nguyen Trang Xuyen, and Nguyen Van Truong (also known as Chung Nguyen), are alleged to have conducted phishing campaigns and supply chain compromises to carry out cyber attacks and steal millions of dollars.
“Between May 2018 and October 2021, the defendants infiltrated the computing infrastructures of targeted firms across the U.S. and exploited their access to acquire or attempt to acquire confidential data, employee perks, and monetary funds,” the U.S. Department of Justice asserted in an indictment made public last week.
Records from court proceedings reveal that the individuals, subsequent to successfully penetrating target networks, misappropriated gift card information, personally identifiable details, and credit card data linked to employees and clients.
They further employed the stolen information to advance their illegal ventures and circumvent detection, such as establishing online accounts with digital currency exchanges and setting up hosting servers.
“Tai, Xuyen, and Truong marketed purloined gift cards to third parties, including via an account set up under a fictitious name on a peer-to-peer digital currency marketplace, in an effort to mask and cloak the origin of the embezzled cash,” the DoJ disclosed.
All four defendants are charged with conspiracy to commit fraud, extortion, and related activity in connection with computers; conspiracy to commit wire fraud; and intentional damage to a protected computer. If found guilty on all charges, they could serve a maximum of 45 years behind bars.
In addition, Tai, Xuyen, and Truong have been charged with conspiracy to commit money laundering, which carries a maximum prison sentence of 20 years. Tai and Quoc also face charges of aggravated identity theft and conspiracy to commit identity fraud, offenses that could result in a maximum incarceration period of 17 years.
The incident follows swiftly after an announcement by the DoJ detailing the indictment of two members of the U.S.-based ViLE hacking group, namely, Sagar Steven Singh (aka Weep) and Nicholas Ceraolo (aka Convict, Anon, and Ominous), who confessed to infiltrating a federal law enforcement database using stolen access credentials and engaging in extortion tactics.
“Identifying themselves as ‘ViLe,’ the defendants’ actions mirrored just that,” U.S. Attorney Breon Peace stated. “They breached a law enforcement database and obtained access to confidential personal data, after which they issued threats to harm a victim’s family and publicly expose such information unless monetary demands were met.”
The duo, who were initially charged in March 2023, pleaded guilty to conspiring to commit computer intrusion and aggravated identity theft. They could receive a minimum prison term of two years and a maximum sentence of seven years.
It comes in the wake of fresh sanctions levied by the European Council against six individuals for executing cyber attacks against critical infrastructure and government networks in the European Union and Ukraine.

This includes Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets, two hackers affiliated with the COLDRIVER (also known as BlueCharlie, Calisto, Gossamer Bear, and Star Blizzard) hacking collective previously sanctioned by the U.K. and U.S. governments for conducting spear-phishing campaigns.
The other four individuals are Sklianko Oleksandr Mykolaiovych and Chernykh Mykola Serhiiovych from the Gamaredon (aka Armageddon) group and Mikhail Tsarev and Maksim Galochkin of the Wizard Spider syndicate, the latter two being identified as key players in the distribution of Conti and TrickBot malware variants.
“The E.U. is steadfast in its resolve for a universal, unrestricted, and secure cyber domain and underscores the necessity to fortify international cooperation to foster the normative order in this realm,” the Council articulated.

