4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree

Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of computer intrusions that caused over $71 million in losses to companies.

The defendants, Ta Van Tai (aka Quynh Hoa and Bich Thuy), Nguyen Viet Quoc (aka Tien Nguyen), Nguyen Trang Xuyen, and Nguyen Van Truong (aka Chung Nguyen), have been accused of conducting phishing campaigns and supply chain compromises to orchestrate cyber attacks and steal millions of dollars.

“From at least May 2018 through October 2021, the defendants hacked the computer networks of victim companies throughout the United States and used their access to steal or attempt to steal non-public information, employee benefits, and funds,” the U.S. Department of Justice said in an unsealed indictment last week.

✔ Approved From Our Partners

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code

According to court documents, the individuals – after successfully gaining initial access to target networks – stole gift card data, personally identifiable information, and credit card details associated with employees and customers.

They further used the stolen information to further their criminal activities to evade detection, including opening online accounts at cryptocurrency exchanges and setting up hosting servers.

“Tai, Xuyen, and Truong sold stolen gift cards to third parties, including through an account registered with a fake name on a peer-to-peer cryptocurrency marketplace, in order to conceal and disguise the source of the stolen money,” the DoJ said.

All the four defendants have been charged with one count of conspiracy to commit fraud, extortion, and related activity in connection with computers; one count of conspiracy to commit wire fraud; and two counts of intentional damage to a protected computer. If convicted on all counts, they face up to 45 years in prison.

Additionally, Tai, Xuyen, and Truong have been charged with one count of conspiracy to commit money laundering, which carries a jail term of up to 20 years. Tai and Quoc have also been saddled with one count of aggravated identity theft and one count of conspiracy to commit identity fraud, charges that can have a maximum penalty of up to 17 years in prison.

The development comes days after the DoJ said that two U.S. members of the ViLE hacking group, Sagar Steven Singh (aka Weep) and Nicholas Ceraolo (aka Convict, Anon, and Ominous), pleaded guilty for their involvement in the compromise of a federal law enforcement database by using stolen credentials and engaging in an extortion scheme.

“The defendants called themselves ‘ViLe,’ and their actions were exactly that,” U.S. Attorney Breon Peace said. “They hacked into a law enforcement database and had access to sensitive personal information, then threatened to harm a victim’s family and publicly release that information unless the defendants were ultimately paid money.”

The two men, who were originally charged in March 2023, pled guilty to conspiring to commit computer intrusion and aggravated identity theft. They face a minimum sentence of two years in prison, and a maximum of seven years.

It also follows a new wave of sanctions imposed by the European Council against six persons for conducting cyber attacks against critical infrastructure and government systems in the European Union and Ukraine.

This includes Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets, two hackers associated with the COLDRIVER (aka BlueCharlie, Calisto, Gossamer Bear, and Star Blizzard) hacking crew who were previously sanctioned by the U.K. and U.S. governments for carrying out spear-phishing campaigns.

The remaining four encompass Sklianko Oleksandr Mykolaiovych and Chernykh Mykola Serhiiovych of the Gamaredon (aka Armageddon) group and Mikhail Tsarev and Maksim Galochkin of the Wizard Spider gang, the latter two of which are assessed to be key players in the deployment of Conti and TrickBot malware.

“The E.U. remains committed to a global, open, and secure cyberspace and, reiterates the need to strengthen international cooperation to promote the rules-based order in this area,” the Council said.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.