Justice Department seizes infrastructure used by cyber scam and criminal marketplace

The Justice Department on Tuesday said it has seized infrastructure tied to what officials called one of the world’s most prolific criminal marketplaces, used to commit cyber scams and other crimes.

The seized cloud computing account hosted backend infrastructure used by subsidiaries of the Huione Group, a Cambodia-based corporate conglomerate.

At the same time, the Treasury Department announced fresh sanctions and more against Huione and affiliated companies. The administration actions Tuesday add to disruption efforts from last fall against pieces of the same network.

The Trump administration has placed an emphasis on combating transnational cybercrime and other kinds of scams and fraud.

The seized cloud computing account was used to operate Huione Guarantee, also known as Haowang Guarantee, according to Tuesday’s DOJ announcement.

“The Huione Group used this cloud computing account as part of a technological backbone that allowed billions in fraud proceeds to be transferred, moved, and concealed — much of it stolen through Southeast Asian scam centers,” said Tysen Duva, assistant attorney general of the Justice Department’s Criminal Division. “Seizures of these marketplaces is critical in the fight against fraud that affects so many Americans, and to stop avenues for criminal proceeds to be laundered.”

U.S. officials allege that Huione Guarantee operated Telegram channels with discussions about illicit goods and services, including the sale of stolen credit card and sensitive personal information, malware-enabled thefts, human trafficking schemes and the laundering of money from romance and investment scams. Huione Guarantee also allegedly offered escrow services for criminals such as money launderers for cryptocurrency.

Treasury took two steps Tuesday to build on its move in October to sever Huione Group from the U.S. financial system. One was to tack H-Pay Service onto its rule for Huione Group as a successor entity. And it slapped nine people and 26 entities linked to Prince Group with sanctions.

“Huione Group served as a critical node for laundering proceeds of cyber heists and virtual currency investment scams and was used by the Prince Group to transfer and consolidate scam-derived assets,” Treasury’s announcement states.

Also last October, the Justice Department said it seized bitcoin valued at $15 billion from the chairman of the Prince Group, Chen Zhi, and indicted him over alleged cryptocurrency crimes and other schemes. 

An alleged key figure in Chen’s criminal network has been arrested in Cambodia and extradited to China.

The post Justice Department seizes infrastructure used by cyber scam and criminal marketplace appeared first on CyberScoop.

FBI takes down massive China-based cybercrime network that caused $1.9B in losses

The FBI, along with Google and Lumen Technologies, took down a major cybercrime network based in China that was responsible for an estimated $1.9 billion in losses, officials said Friday. 

Outsider, which provided phishing kits and hosted infrastructure for cybercriminals since July 2023, facilitated a wave of phishing attacks against people and businesses in 55 countries, including the United States, the FBI said in a LinkedIn post.

The jointly coordinated effort dubbed “Operation Ghost Hook” netted the seizure of several domains of the group’s core admin servers, a Shopify storefront, roughly $100,000 from Outsider payment wallets and thousands of domains registered through U.S.-based providers, officials said.

The FBI said it also used an Outsider Telegram bot to access information on the cybercrime network’s customers.

“The criminals behind Outsider Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims,” Brett Leatherman, assistant director of the FBI’s cyber division, said in a statement.

Authorities traced Outsider’s phishing domains to nearly 3.9 million stolen credit cards.

Google, one of the vendors impersonated by the phishing kits, described Outsider as a massive AI-powered operation. 

Outsider provided its phishing kit, which allowed cybercriminals to create fake sites and phishing campaigns to steal credit cards, bank account credentials and personal data, for a subscription as low as $88 per week, the company said in a civil lawsuit it filed to dismantle the cybercrime network’s infrastructure.

The China-based group behind the operation encouraged and provided step-by-step instructions for customers to use Gemini and other AI platforms to generate custom code for phishing lures and corresponding sites for illegitimate missed packages, overdue highway tolls, parking violations, issues with a brokerage account or wireless carrier rewards.

“The Outsider software allows scammers to request multiple types of verification from victims, including SMS, PIN, email and app verification,” Google wrote in the lawsuit filed in the U.S. District Court for the Southern District of New York. “This flexibility enables the enterprise to defeat various forms of authentication security.”

Google said it’s working with AT&T, T-Mobile and Verizon to intercept the spam messages before they reach customers, but these types of phishing attacks are prevalent and have been spreading for years. 

Google is also pushing for legislative action, including a series of bills, to combat these scams, General Counsel Halimah DeLaine Prado wrote in a blog post.

“Litigation alone won’t end this,” she wrote. “As threats evolve, our laws must, too.”

Google said it doesn’t know the real names of the people or entities involved in Outsider, but said the operation is supported by multiple cybercrime groups filling different roles with overlapping infrastructure.

The FBI said the takedown was part of Operation Riptide, an ongoing campaign targeting cybercriminals and the infrastructure and financial networks they use to commit fraud.

The post FBI takes down massive China-based cybercrime network that caused $1.9B in losses appeared first on CyberScoop.
