The FBI has indicted four members of the notorious FIN9 group for orchestrating crypto-related hacking attacks on U.S. companies, resulting in over $71 million in losses. The members — Ta Van Tai, Nguyen Viet Quoc, Nguyen Trang Xuyen, and Nguyen Van Truong — are accused of infiltrating company networks between May 2018 and October 2021 through phishing campaigns and supply chain attacks.

Once inside, they deployed malware, stole sensitive data, and extorted money. They redirected digital employee benefits, like gift cards, to their own accounts and sold these stolen gift cards on a peer-to-peer cryptocurrency marketplace. The group targeted various sectors, including technology, manufacturing, and finance.

The FBI’s Cyber Squads in Newark and Little Rock led the investigation, with the U.S. Attorney’s Cybercrime Unit prosecuting the case. The defendants face multiple charges, including conspiracy to commit fraud, wire fraud, intentional damage to protected computers, money laundering, and identity theft, with potential sentences ranging from 5 to 20 years.

U.S. Attorney Philip R. Sellinger praised the Department of Justice for tracking the defendants despite their advanced methods to evade detection. FBI Special Agent James E. Dennehy emphasized the precision and innovation of the FBI’s Cyber Task Force in uncovering these cybercriminals and urged victims to report similar attacks promptly.

This indictment is part of broader U.S. efforts to disrupt sophisticated cybercrime groups like FIN9, known for their advanced cyber attack techniques.