ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: APT9

Names: APT9 (?)
Country: [Unknown]
Motivation: Financial gain
First seen: 2018
Description: Members of FIN9, including the defendants, obtained unauthorized access to the computer networks of victim companies through phishing campaigns or other methods, such as supply chain attacks – a type of cyberattack that seeks to damage an organization by targeting the computer networks of trusted third-party vendors who offer services or software vital to the supply chain. After gaining access to their victims’ networks, FIN9 members, including the defendants, used that access to exfiltrate or attempt to exfiltrate non-public information, employee benefits, and/or funds. For example, the defendants accessed employee benefit rewards programs maintained by their victims and re-directed digital employee benefits, such as gift cards, to accounts controlled by defendants. The defendants also stole gift card information stored on the computer networks of certain victims.

The defendants additionally stole personally identifiable information and credit card information associated with employees and customers of their victim companies. In an effort to hide their own identities, the defendants would, at times, use that information in furtherance of the conspiracy by, for example, registering online accounts at cryptocurrency exchanges or server hosting companies in the names of individuals whose identities were stolen. Tai, Xuyen, and Truong sold stolen gift cards to third parties, including through an account registered with a fake name on a peer-to-peer cryptocurrency marketplace, in order to conceal and disguise the source of the stolen money.
Observed:
Tools used:
Counter operations: Jan 2024: Four Members of Notorious Cybercrime Group ‘FIN9’ Charged for Roles in Attacking U.S. Companies
<https://www.justice.gov/usao-nj/pr/four-members-notorious-cybercrime-group-fin9-charged-roles-attacking-us-companies>

Last change to this card: 26 August 2024
