US Prepares to Ban Huione Group Due to Cybercrime Connections

Huione Group Implicated in Major Cybercrime Laundering Scheme

The U.S. Department of the Treasury has initiated a process to prohibit Huione Group, a Cambodian entity, from accessing the U.S. dollar financial system. This decision follows the company’s extensive involvement in facilitating cybercrime, specifically in laundering approximately $4 billion on behalf of various cybercriminal organizations, including those linked to North Korea.

The Treasury’s actions stem from findings that Huione Group operates as a significant intermediary for North Korean and other Southeast Asian cybercrime syndicates. These networks commonly engage in illicit activities such as investment scams and fraudulent virtual currency schemes. According to Treasury reports, between August 2021 and January 2023, at least $4 billion in illicit proceeds were funneled through Huione, including about $37 million sourced from North Korean cyber scams.

The U.S. government highlighted that Huione Group has established itself as a primary marketplace for malicious actors, enabling them to profit from cybercrimes that have impacted countless American citizens. By restricting Huione’s access to U.S. banking infrastructure, authorities aim to dismantle its operational capacity to support cybercriminal revenue generation.

Further analysis from blockchain research firm Chainalysis has revealed that Huione Guarantee, an associated illicit marketplace, has laundered over $49 billion in cryptocurrency transactions since its inception. This platform, marketed as a peer-to-peer marketplace, lacks safeguards to authenticate the legitimacy of goods and services, making it an attractive option for various cybercriminal enterprises.

In January, another blockchain analytics firm, Elliptic, designated Huione Guarantee as the world’s largest illicit online market, with transactions surpassing $24 billion in recent years. This scale of operation exceeds that of Hydra, historically the largest darknet market, which handled around $5 billion over six years. This comparison underscores the growing prevalence of cyber scams relative to traditional illicit drug markets.

Federal investigations indicate that Huione Group is not a standalone entity but part of a broader network that supports its money laundering operations. This includes the virtual asset service provider Huione Crypto and the payment service Huione Pay PLC, which facilitate activities ranging from online marketplaces to payment processing in fiat and convertible virtual currencies, often linked to laundering efforts.

The Treasury also previously sanctioned Cambodian senator Ly Yong Phat, whose resorts reportedly served as sites for trafficking and forced labor to support cyber scams. The situation is exacerbated by insufficient law enforcement in East and Southeast Asia, particularly in Cambodia, Laos, Myanmar, and the Philippines, where persistent corruption and inadequate legal frameworks allow these cybercriminal networks to thrive.

From a cybersecurity perspective, the methods employed in this operation may map to several tactics in the MITRE ATT&CK framework. Tactics such as initial access (leveraging social engineering for infiltration) and persistence (establishing backdoors for ongoing access) are likely integral components of how Huione Group and its partners operate. Moreover, privilege escalation through manipulation of digital currencies and underground banking contributes to their extensive money laundering capability, facilitating the rapid conversion of illicit funds into legitimate assets.

The ramifications of these developments serve as a stark reminder of the vulnerabilities inherent in today’s global financial systems and the ongoing challenges faced by law enforcement in combatting organized cybercrime. As businesses increasingly navigate the complexities of cyber threats, vigilance and understanding of these risks remain paramount.
