Four Vietnamese Nationals Indicted in Major Cybercrime Case Linked to FIN9 Group
The U.S. Department of Justice has announced the indictment of four Vietnamese individuals tied to the notorious FIN9 cybercrime organization. These defendants are facing serious charges for their roles in a series of cyber intrusions that have resulted in over $71 million in damages to various companies across the United States.
The individuals identified are Ta Van Tai (also known as Quynh Hoa and Bich Thuy), Nguyen Viet Quoc (known as Tien Nguyen), Nguyen Trang Xuyen, and Nguyen Van Truong (referred to as Chung Nguyen). They are accused of executing phishing operations and compromising supply chains to facilitate cyberattacks that have led to significant financial theft.
Between May 2018 and October 2021, the defendants are alleged to have infiltrated the computer networks of multiple victim companies, utilizing their access to steal or attempt to steal sensitive data, including non-public information, employee benefits, and financial assets, according to the Justice Department. Court documents reveal that after gaining unauthorized access to target networks, the accused pilfered data such as gift card numbers, personally identifiable information, and credit card details linked to employees and clients.
The stolen information was reportedly used to further their illicit activities while evading law enforcement. Techniques used included creating online accounts on cryptocurrency exchanges and establishing hosting servers to obscure the source of the stolen funds. The indictment further states that Tai, Xuyen, and Truong sold stolen gift cards through accounts registered under fictitious names on peer-to-peer cryptocurrency marketplaces, effectively laundering the proceeds of their crimes.
Each defendant faces charges of conspiracy to commit fraud, extortion, and related computer activities, as well as conspiracy to commit wire fraud. Additionally, they are charged with intentional damage to protected computers, which can result in prison sentences of up to 45 years if convicted on all counts. Tai, Xuyen, and Truong also face charges of conspiracy to commit money laundering, which carries a potential maximum penalty of 20 years, while Tai and Quoc have been charged with aggravated identity theft and conspiracy to commit identity fraud, punishable by up to 17 years in prison.
This indictment follows another case highlighted by the Justice Department involving two members of the ViLE hacking group, who pled guilty to charges related to a breach of a federal law enforcement database. Their actions included theft of sensitive personal information, which they threatened to release unless paid, underscoring the severity and premeditated nature of these cybercrimes.
The recent indictments not only highlight the ongoing threat posed by organized cybercriminal groups like FIN9 but also shed light on the broader challenge of cybersecurity within the technology sector. As organizations strive to protect their digital infrastructure, they must be aware of common attack techniques catalogued in the MITRE ATT&CK framework, including initial access via phishing, credential dumping, and persistence maintained through compromised accounts.
Furthermore, this situation unfolds alongside recent sanctions placed by the European Council against individuals involved in cyber attacks targeting critical infrastructure in the European Union and Ukraine, reflecting a heightened international effort to combat cybercrime. As nations grapple with the implications of ransomware, data breaches, and the exploitation of critical systems, the continued vigilance of businesses against potential threats remains paramount in an increasingly interconnected digital landscape.