Vietnamese Members of FIN9 Hacking Group Charged in US

The US Department of Justice has announced charges against four Vietnamese individuals believed to be responsible for cyberattacks that caused over $71 million in losses to US companies.

According to court documents, the individuals, Nguyen Viet Quoc (aka Tien Nguyen), Ta Van Tai (aka Quynh Hoa and Bich Thuy), Nguyen Van Truong (aka Chung Nguyen), and Nguyen Trang Xuyen, were members of the cybercrime group FIN9.

Between May 2018 and October 2021, the defendants allegedly hacked the networks of multiple businesses in the US to steal private information, employee benefits, and funds, causing more than $71 million in losses.

For initial access into victims’ networks, the FIN9 hackers relied on phishing and other methods, including supply chain attacks, in which they compromised third-party vendors providing services to the victim companies.

After infiltrating the victims’ networks, the hackers accessed employee benefit rewards programs and re-directed digital employee benefits, including gift cards, to attacker-controlled accounts. In some cases, they also stole gift card information.

Quoc, Tai, Truong, and Xuyen, along with other members of the FIN9 group, exfiltrated personally identifiable information (PII) and credit card information, and in some cases used that information to register online accounts at cryptocurrency exchanges or hosting companies.

According to the indictment, the defendants sold stolen gift cards to third parties, including via social media accounts and peer-to-peer cryptocurrency marketplaces.

The defendants were charged with conspiracy to commit fraud, extortion, and related activity in connection with computers, wire fraud conspiracy, and intentional damage to a protected computer. Tai, Xuyen, and Truong were also charged with money laundering conspiracy, while Tai and Quoc were also charged with aggravated identity theft.

“The FIN9 defendants were prolific international hackers who, for years, allegedly used phishing campaigns, supply chain attacks and other hacking methods to steal millions from their victims. They did all of this while hiding behind keyboards, VPNs, and fake identities,” US Attorney Philip R. Sellinger commented.