Public Notices and Press Releases

Four Members of Notorious Cybercrime Group ‘FIN9’ Charged for Attacking U.S. Companies

Vietnamese nationals face charges for cyber intrusions causing over $71 million in losses to U.S. companies.

Newark, NJ — Four members of the international cybercrime group "FIN9" have been indicted for their roles in a series of computer intrusions that resulted in more than $71 million in losses for U.S. companies, U.S. Attorney Philip R. Sellinger announced today.

The defendants, Ta Van Tai (aka “Quynh Hoa” or “Bich Thuy”), Nguyen Viet Quoc (aka “Tien Nguyen”), Nguyen Trang Xuyen, and Nguyen Van Truong (aka “Chung Nguyen”), were part of the sophisticated cybercrime group known as “FIN9.” From May 2018 through October 2021, they allegedly hacked into computer networks of various U.S. companies, stealing non-public information, employee benefits, and funds.

Details of the Indictment:

The indictment outlines how the members of FIN9 gained unauthorized access to company networks through phishing campaigns and supply chain attacks, targeting third-party vendors essential to the victims' supply chains. Once inside, they exfiltrated or attempted to exfiltrate non-public information, employee benefits, and funds. They redirected digital employee benefits, like gift cards, to accounts they controlled and stole stored gift card information.

The defendants also stole personally identifiable information and credit card details from employees and customers of the victim companies. To conceal their identities, they used the stolen information to register online accounts at cryptocurrency exchanges or server hosting companies. Tai, Xuyen, and Truong sold the stolen gift cards to third parties through an account registered with a fake name on a peer-to-peer cryptocurrency marketplace.

The FIN9 defendants were prolific international hackers who, for years, allegedly used phishing campaigns, supply chain attacks and other hacking methods to steal millions from their victims. They did all of this while hiding behind keyboards, VPNs, and fake identities, and even then, the Department of Justice found them. My office remains committed to its pursuit of justice for victims, and cybercriminals everywhere should take notice,” said U.S. Attorney Philip R. Sellinger.

Cyber actors cloak themselves in the virtual world, hiding in a space most people can't see and don't understand,” FBI – Newark Special Agent in Charge James E. Dennehy said. “However smart these hackers believe they are at disguising themselves, these members of the FIN9 group couldn’t conceal their exfiltration of data from their victims’ companies. FBI Newark’s Cyber Task Force and our law enforcement partners use precision and innovative techniques to expose these people for what they are – simple thieves. We ask any business or company facing a similar attack to reach out to us immediately to protect your systems and to stop these criminals from moving on to the next victim.”

Charges and Potential Penalties:

  • Conspiracy to Commit Fraud, Extortion, and Related Activity in Connection with Computers: Up to 5 years in prison.
  • Conspiracy to Commit Wire Fraud: Up to 20 years in prison.
  • Intentional Damage to a Protected Computer (2 counts): Up to 10 years in prison per count.
  • Conspiracy to Commit Money Laundering (Tai, Xuyen, Truong): Up to 20 years in prison.
  • Aggravated Identity Theft (Tai, Quoc): Mandatory consecutive term of 2 years in prison.
  • Conspiracy to Commit Identity Fraud (Tai, Quoc): Up to 15 years in prison.

Investigation and Prosecution:

The investigation was led by the FBI Newark’s Cyber squad, under Special Agent in Charge James E. Dennehy, with assistance from the FBI Little Rock Cyber squad, under Special Agent in Charge Alicia D. Corder. Assistant U.S. Attorneys Anthony P. Torntore and Vinay S. Limbachia of the U.S. Attorney’s Cybercrime Unit in Newark are prosecuting the case.

The charges in the indictment are accusations, and the defendants are presumed innocent unless and until proven guilty.

I'm interested
I disagree with this
This is unverified