Total Tests:
Blog Filters reset x
By Incident
By Jurisdiction
Show More

Cybersecurity
Compliance

Cybersecurity
Legal Advisory
Learn More

Four Members Of FIN9 Cybercrime Gang Indicted For Hacking US Companies

Read also: A fraudster extradited from Ukraine to the US, french police dismantle coco chat website linked to cybercrime, and more.


Thursday, June 27, 2024
Views: 9.2k Read Time: 4 min.

Four Members Of FIN9 Cybercrime Gang Indicted For Hacking US Companies

Four members of FIN9 cybercrime gang indicted for hacking US companies

Four Vietnamese nationals have been charged by the US authorities for their role in a series of hacks that collectively caused over $71 million in losses to American companies. The accused, identified as Ta Van Tai (aka “Quynh Hoa” and “Bich Thuy”), Nguyen Viet Quoc (aka “Tien Nguyen”), Nguyen Trang Xuyen, and Nguyen Van Truong (aka “Chung Nguyen”), were part of the international cybercrime group known as “FIN9.”

From at least May 2018 through October 2021, the defendants allegedly orchestrated numerous cyberattacks targeting several US companies, stealing or attempting to steal non-public information, employee benefits, and funds. According to officials, the FIN9 members employed phishing campaigns and supply chain attacks to gain unauthorized access to their victims’ computer networks. Once inside, they exfiltrated sensitive information, including employee benefits and funds.

In addition to employee benefits, the defendants targeted personally identifiable information (PII) and credit card information belonging to employees and customers of the affected companies. They allegedly used this stolen information to register accounts on cryptocurrency exchanges and server hosting companies under false names.

The charges against Tai, Quoc, Xuyen, and Truong include one count of conspiracy to commit fraud, extortion, and related activity in connection with computers; one count of conspiracy to commit wire fraud; and two counts of intentional damage to a protected computer. If convicted, the accused could face decades in prison.

A fraudster extradited from Ukraine to the US to face charges of $11.8M crypto theft

A fraudster has been extradited from Ukraine to the United States on June 20, 2024, to face charges of wire fraud and the fraudulent use of an unauthorized access device.

According to the indictment, Nikita Andreevich Sklyuev, aka Valeriy Dorojkin, a 37-year-old from Uzbekistan, submitted a malicious app called “EOSIO Wallet Explorer” disguised as a cryptocurrency wallet, to the Apple App Store. This app was designed to steal users' private keys, giving its operator access to victims’ crypto assets.

In one instance, Sklyuev stole over 2 million EOS tokens valued nearly $11.8 million at the time through the app. He changed the private key to the victim’s wallet and then transferred the digital funds from the wallet to multiple other online wallets under his control.

Sklyuev is being held pending a detention hearing on July 3, 2024. The charges he faces carry a maximum penalty of 20 years in prison and a $250,000 fine.

Cybersecurity Compliance

Prevent data breaches and meet regulatory requirements

Cybersecurity
Legal Advisory
Learn More

French police shut down Coco chat website linked to cybercrime, child sexual abuse and rapes

French law enforcement authorities have shut down the Coco chat website, which has been implicated in facilitating a range of serious criminal activities, including cybercrime, child sexual abuse, rapes, and homicides.

The investigation into Coco’s operations began in December 2023, uncovering a network of offenders who used the platform to coordinate illicit activities. The crackdown was a collaborative effort involving law enforcement agencies from France, Bulgaria, Germany, Lithuania, the Netherlands, and Hungary.

According to local media, Coco's servers were seized in Germany. The website's main operator, a French citizen named Isaac Steidl, 44, was arrested in Sofia, Bulgaria. Steidl had recently renounced his French citizenship. His wife was arrested in the south of France, and another family member is also in custody.

Authorities carried out simultaneous operations in several countries, with Germany handling the server seizure and Bulgaria handling the operational phase. The Netherlands, Hungary, and Lithuania provided support throughout the investigation.

Operators of illegal streaming service Jetflicks convicted, could face years in prison

A federal jury in Las Vegas, Nevada, the US, has convicted five men for their involvement in operating one of the largest unauthorized streaming services in the United States. The service, known as Jetflicks, generated millions of dollars in subscription revenue, according to officials.

The accused, Kristopher Dallmann, Douglas Courson, Felipe Garcia, Jared Jaurequi, and Peter Huber established an online, subscription-based streaming service in 2007 that utilized software to scour pirate websites for illegal copies of television episodes that were then downloaded and hosted on Jetflicks servers. The Jetflicks catalog included hundreds of thousands of copyrighted television episodes.

The scheme allowed Dallmann and his co-conspirators to make millions of dollars by streaming and distributing stolen content to tens of thousands of paid subscribers. The jury convicted Dallmann, Courson, Garcia, Jaurequi, and Huber of conspiracy to commit criminal copyright infringement. Additionally, Dallmann was convicted of money laundering by concealment and criminal copyright infringement.

Courson, Garcia, Jaurequi, and Huber each face up to five years in prison. Dallmann, due to the additional charges, faces a maximum penalty of 48 years in prison. A sentencing date has not yet been set.

EC sanctions criminals linked to Conti and Trickbot ransomware attacks

The European Council has slapped additional sanctions on six individuals allegedly involved in cyberattacks targeting critical infrastructure in EU member states and Ukraine. Among those sanctioned are Mikhail Tsarev and Maksim Galochkin, key figures linked to the notorious malware strains 'Conti' and 'Trickbot'. Both individuals are reportedly associated with the ‘Wizard Spider’ group, known for conducting ransomware campaigns that targeted various sectors, including healthcare and banking, causing significant economic damage within the European Union.

In a related development, the US Department of Justice has indicted Amin Timovich Stigal, a 22-year-old Russian national, for allegedly attacking Ukrainian government computers and destroying critical infrastructure systems using the WhisperGate data-wiping malware ahead of Russia's invasion of Ukraine.

If convicted, Stigal faces a maximum penalty of five years in prison. The US State Department has also announced a reward of up to $10 million for information leading to Stigal's location and details of his alleged cyber crimes.

Additionally, US authorities have put a $5 million bounty on information leading to the arrest or conviction of Ruja Ignatova, known as the “CryptoQueen”. Ignatova is wanted in the US for orchestrating a scheme that defrauded victims of more than $4 billion, described by officials as “one of the largest global fraud schemes in history.”

ImmuniWeb Newsletter

Get exclusive updates and invitations to our events and webinars:


Private and Confidential Your data will stay private and confidential

What’s next:

Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.
Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential