{
	"id": "3d21354d-5589-4f41-8bc3-df8a8b28234e",
	"created_at": "2026-04-06T15:53:43.39676Z",
	"updated_at": "2026-04-10T13:11:35.301894Z",
	"deleted_at": null,
	"sha1_hash": "7f62379260e5bc20ce8948020819f96fd972f81e",
	"title": "Four Members of Notorious Cybercrime Group ‘FIN9’ Charged for Roles in Attacking U.S. Companies",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 38815,
	"plain_text": "Four Members of Notorious Cybercrime Group ‘FIN9’ Charged\r\nfor Roles in Attacking U.S. Companies\r\nPublished: 2024-06-20 · Archived: 2026-04-06 15:32:15 UTC\r\nNEWARK, N.J. – An indictment was unsealed today charging four Vietnamese nationals for their involvement in\r\na series of computer intrusions that caused victim companies to collectively suffer more than $71 million in losses,\r\nU.S. Attorney Philip R. Sellinger announced.\r\nAccording to the indictment, Ta Van Tai, aka “Quynh Hoa,” aka “Bich Thuy;” Nguyen Viet Quoc, aka “Tien\r\nNguyen;” Nguyen Trang Xuyen; and Nguyen Van Truong, aka “Chung Nguyen,” were members of a sophisticated\r\ninternational cybercrime group known as “FIN9.”  From at least May 2018 through October 2021, the defendants\r\nhacked the computer networks of victim companies throughout the United States and used their access to steal or\r\nattempt to steal non-public information, employee benefits, and funds. The defendants caused their victims to\r\nsuffer more than $71 million in losses.\r\n“The FIN9 defendants were prolific international hackers who, for years, allegedly used phishing\r\ncampaigns, supply chain attacks and other hacking methods to steal millions from their victims. They\r\ndid all of this while hiding behind keyboards, VPNs, and fake identities, and even then, the Department\r\nof Justice found them. My office remains committed to its pursuit of justice for victims, and\r\ncybercriminals everywhere should take notice.”\r\nU.S. Attorney Philip R. Sellinger\r\n“Cyber actors cloak themselves in the virtual world, hiding in a space most people can't see and don't understand,”\r\nFBI – Newark Special Agent in Charge James E. Dennehy said. “However smart these hackers believe they are at\r\ndisguising themselves, these members of the FIN9 group couldn’t conceal their exfiltration of data from their\r\nvictims’ companies. 
FBI Newark’s Cyber Task Force and our law enforcement partners use precision and\r\ninnovative techniques to expose these people for what they are –  simple thieves. We ask any business or company\r\nfacing a similar attack to reach out to us immediately to protect your systems and to stop these criminals from\r\nmoving on to the next victim.”\r\nAccording to documents filed in this case and statements made in court:\r\nMembers of FIN9, including the defendants, obtained unauthorized access to the computer networks of victim\r\ncompanies through phishing campaigns or other methods, such as supply chain attacks – a type of cyberattack that\r\nseeks to damage an organization by targeting the computer networks of trusted third-party vendors who offer\r\nservices or software vital to the supply chain. After gaining access to their victims’ networks, FIN9 members,\r\nincluding the defendants, used that access to exfiltrate or attempt to exfiltrate non-public information, employee\r\nbenefits, and/or funds. For example, the defendants accessed employee benefit rewards programs maintained by\r\ntheir victims and re-directed digital employee benefits, such as gift cards, to accounts controlled by defendants.\r\nThe defendants also stole gift card information stored on the computer networks of certain victims.\r\nThe defendants additionally stole personally identifiable information and credit card information associated with\r\nemployees and customers of their victim companies. 
In an effort to hide their own identities, the defendants\r\nwould, at times, use that information in furtherance of the conspiracy by, for example, registering online accounts\r\nat cryptocurrency exchanges or server hosting companies in the names of individuals whose identities were stolen.\r\nTai, Xuyen, and Truong sold stolen gift cards to third parties, including through an account registered with a fake\r\nname on a peer-to-peer cryptocurrency marketplace, in order to conceal and disguise the source of the stolen\r\nmoney. \r\nTai, Quoc, Xuyen, and Truong are charged with one count of conspiracy to commit fraud, extortion, and related\r\nactivity in connection with computers; one count of conspiracy to commit wire fraud; and two counts of\r\nintentional damage to a protected computer. If convicted, they face up to five years in prison for the conspiracy to\r\ncommit fraud, extortion, and related activity in connection with computers; up to 20 years in prison for the\r\nconspiracy to commit wire fraud; and up to 10 years in prison on each count of intentional damage to a protected\r\ncomputer. Tai, Xuyen, and Truong were charged with one count of conspiracy to commit money laundering,\r\nwhich carries a mandatory maximum penalty of 20 years in prison. Tai and Quoc were also charged with one\r\ncount of aggravated identity theft, which carries a mandatory consecutive term of two years in prison, and one\r\ncount of conspiracy to commit identity fraud, which carries a maximum penalty of 15 years in prison. \r\nU.S. Attorney Sellinger credited the FBI Newark’s Cyber squad, under the direction of Special Agent in Charge\r\nJames E. Dennehy in Newark. He also thanked the FBI Little Rock Cyber squad, under the direction of Special\r\nAgent in Charge Alicia D. Corder.\r\nThe government is represented by Assistant U.S. Attorneys Anthony P. Torntore and Vinay S. Limbachia of the\r\nU.S. Attorney’s Cybercrime Unit in Newark.  
\r\nThe charges and allegations contained in the indictment are merely accusations, and the defendants are presumed\r\ninnocent unless and until proven guilty.\r\nSource: https://www.justice.gov/usao-nj/pr/four-members-notorious-cybercrime-group-fin9-charged-roles-attacking-us-companies",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.justice.gov/usao-nj/pr/four-members-notorious-cybercrime-group-fin9-charged-roles-attacking-us-companies"
	],
	"report_names": [
		"four-members-notorious-cybercrime-group-fin9-charged-roles-attacking-us-companies"
	],
	"threat_actors": [
		{
			"id": "3d3b549e-b77c-4394-9eea-21ed1becc658",
			"created_at": "2025-03-29T02:05:20.759815Z",
			"updated_at": "2026-04-10T02:00:03.832731Z",
			"deleted_at": null,
			"main_name": "GOLD WINDSOR",
			"aliases": [
				"FIN9 "
			],
			"source_name": "Secureworks:GOLD WINDSOR",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775490823,
	"ts_updated_at": 1775826695,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7f62379260e5bc20ce8948020819f96fd972f81e.pdf",
		"text": "https://archive.orkl.eu/7f62379260e5bc20ce8948020819f96fd972f81e.txt",
		"img": "https://archive.orkl.eu/7f62379260e5bc20ce8948020819f96fd972f81e.jpg"
	}
}