APT9

Description

Members of FIN9, including the defendants, obtained unauthorized access to the computer networks of victim companies through phishing campaigns or other methods, such as supply chain attacks – a type of cyberattack that seeks to damage an organization by targeting the computer networks of trusted third-party vendors who offer services or software vital to the supply chain. After gaining access to their victims’ networks, FIN9 members, including the defendants, used that access to exfiltrate or attempt to exfiltrate non-public information, employee benefits, and/or funds. For example, the defendants accessed employee benefit rewards programs maintained by their victims and re-directed digital employee benefits, such as gift cards, to accounts controlled by defendants. The defendants also stole gift card information stored on the computer networks of certain victims.

The defendants additionally stole personally identifiable information and credit card information associated with employees and customers of their victim companies. In an effort to hide their own identities, the defendants would, at times, use that information in furtherance of the conspiracy by, for example, registering online accounts at cryptocurrency exchanges or server hosting companies in the names of individuals whose identities were stolen. Tai, Xuyen, and Truong sold stolen gift cards to third parties, including through an account registered with a fake name on a peer-to-peer cryptocurrency marketplace, in order to conceal and disguise the source of the stolen money.

Names

Name | Name-Giver
APT9 | ?

Country

Motivation

  • Financial gain

First Seen

2018

Counter Operations

Other Information

Uuid

08faea11-6316-41ce-a1ab-36634740551e

Last Card Change

2024-08-26