Four Vietnamese nationals have been charged by the US authorities for their role in a series of hacks that collectively caused over $71 million in losses to American companies. The accused, identified as Ta Van Tai (aka “Quynh Hoa” and “Bich Thuy”), Nguyen Viet Quoc (aka “Tien Nguyen”), Nguyen Trang Xuyen, and Nguyen Van Truong (aka “Chung Nguyen”), were part of the international cybercrime group known as “FIN9.”

From at least May 2018 through October 2021, the defendants allegedly orchestrated numerous cyberattacks targeting several US companies, stealing or attempting to steal non-public information, employee benefits, and funds. According to officials, the FIN9 members employed phishing campaigns and supply chain attacks to gain unauthorized access to their victims’ computer networks. Once inside, they exfiltrated sensitive information, including employee benefits and funds.

In addition to employee benefits, the defendants targeted personally identifiable information (PII) and credit card information belonging to employees and customers of the affected companies. They allegedly used this stolen information to register accounts on cryptocurrency exchanges and server hosting companies under false names.

The charges against Tai, Quoc, Xuyen, and Truong include one count of conspiracy to commit fraud, extortion, and related activity in connection with computers; one count of conspiracy to commit wire fraud; and two counts of intentional damage to a protected computer. If convicted, the accused could face decades in prison.

A fraudster extradited from Ukraine to the US to face charges of $11.8M crypto theft

A fraudster has been extradited from Ukraine to the United States on June 20, 2024, to face charges of wire fraud and the fraudulent use of an unauthorized access device.

According to the indictment, Nikita Andreevich Sklyuev, aka Valeriy Dorojkin, a 37-year-old from Uzbekistan, submitted a malicious app called “EOSIO Wallet Explorer” disguised as a cryptocurrency wallet, to the Apple App Store. This app was designed to steal users' private keys, giving its operator access to victims’ crypto assets.

In one instance, Sklyuev stole over 2 million EOS tokens valued nearly $11.8 million at the time through the app. He changed the private key to the victim’s wallet and then transferred the digital funds from the wallet to multiple other online wallets under his control.

Sklyuev is being held pending a detention hearing on July 3, 2024. The charges he faces carry a maximum penalty of 20 years in prison and a $250,000 fine.

Cybersecurity Compliance

Prevent data breaches and meet regulatory requirements

Cybersecurity

Legal Advisory

Learn More

French police shut down Coco chat website linked to cybercrime, child sexual abuse and rapes

French law enforcement authorities have shut down the Coco chat website, which has been implicated in facilitating a range of serious criminal activities, including cybercrime, child sexual abuse, rapes, and homicides.

The investigation into Coco’s operations began in December 2023, uncovering a network of offenders who used the platform to coordinate illicit activities. The crackdown was a collaborative effort involving law enforcement agencies from France, Bulgaria, Germany, Lithuania, the Netherlands, and Hungary.

According to local media, Coco's servers were seized in Germany. The website's main operator, a French citizen named Isaac Steidl, 44, was arrested in Sofia, Bulgaria. Steidl had recently renounced his French citizenship. His wife was arrested in the south of France, and another family member is also in custody.

Authorities carried out simultaneous operations in several countries, with Germany handling the server seizure and Bulgaria handling the operational phase. The Netherlands, Hungary, and Lithuania provided support throughout the investigation.

Operators of illegal streaming service Jetflicks convicted, could face years in prison

A federal jury in Las Vegas, Nevada, the US, has convicted five men for their involvement in operating one of the largest unauthorized streaming services in the United States. The service, known as Jetflicks, generated millions of dollars in subscription revenue, according to officials.

The accused, Kristopher Dallmann, Douglas Courson, Felipe Garcia, Jared Jaurequi, and Peter Huber established an online, subscription-based streaming service in 2007 that utilized software to scour pirate websites for illegal copies of television episodes that were then downloaded and hosted on Jetflicks servers. The Jetflicks catalog included hundreds of thousands of copyrighted television episodes.

The scheme allowed Dallmann and his co-conspirators to make millions of dollars by streaming and distributing stolen content to tens of thousands of paid subscribers. The jury convicted Dallmann, Courson, Garcia, Jaurequi, and Huber of conspiracy to commit criminal copyright infringement. Additionally, Dallmann was convicted of money laundering by concealment and criminal copyright infringement.

Courson, Garcia, Jaurequi, and Huber each face up to five years in prison. Dallmann, due to the additional charges, faces a maximum penalty of 48 years in prison. A sentencing date has not yet been set.

EC sanctions criminals linked to Conti and Trickbot ransomware attacks

The European Council has slapped additional sanctions on six individuals allegedly involved in cyberattacks targeting critical infrastructure in EU member states and Ukraine. Among those sanctioned are Mikhail Tsarev and Maksim Galochkin, key figures linked to the notorious malware strains 'Conti' and 'Trickbot'. Both individuals are reportedly associated with the ‘Wizard Spider’ group, known for conducting ransomware campaigns that targeted various sectors, including healthcare and banking, causing significant economic damage within the European Union.

In a related development, the US Department of Justice has indicted Amin Timovich Stigal, a 22-year-old Russian national, for allegedly attacking Ukrainian government computers and destroying critical infrastructure systems using the WhisperGate data-wiping malware ahead of Russia's invasion of Ukraine.

If convicted, Stigal faces a maximum penalty of five years in prison. The US State Department has also announced a reward of up to $10 million for information leading to Stigal's location and details of his alleged cyber crimes.

Additionally, US authorities have put a $5 million bounty on information leading to the arrest or conviction of Ruja Ignatova, known as the “CryptoQueen”. Ignatova is wanted in the US for orchestrating a scheme that defrauded victims of more than $4 billion, described by officials as “one of the largest global fraud schemes in history.”

United States of America France

What’s next:

Join our upcoming webinars
Follow ImmuniWeb on Twitter, LinkedIn and Telegram
Explore 20 use cases how ImmuniWeb can help
Browse open positions to join our great Team
See the benefits of our partner program
Request a demo, quote or special price
Subscribe to our newsletter

Cyber Law and Cybercrime Investigation Weekly Blog by Key Dutch

Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.

Recent Blog Posts:

Owners of Empire Market are charged in the US

Developer Linked to LockBit and Conti Ransomware Gangs Arrested in Ukraine

Spain's Most Wanted Cybercriminal Arrested in Romania