“The Huione Group used this cloud computing account as part of a technological backbone that allowed billions in fraud proceeds to be transferred, moved, and concealed — much of it stolen through Southeast Asian scam centers,” said Tysen Duva, assistant attorney general of the Justice Department’s Criminal Division.
The seized cloud account and Huione Guarantee
The Justice Department announced on Tuesday that it had seized a cloud computing account that hosted backend infrastructure used by subsidiaries of the Huione Group, a Cambodia-based corporate conglomerate. DOJ said the account was used to operate Huione Guarantee, also known as Haowang Guarantee. Officials described the account as part of a technological backbone that facilitated the movement and concealment of what they characterized as billions in fraud proceeds.
Allegations tied to Telegram channels and escrow services
U.S. officials allege Huione Guarantee operated Telegram channels where participants discussed illicit goods and services, including “the sale of stolen credit card and sensitive personal information, malware-enabled thefts, human trafficking schemes and the laundering of money from romance and investment scams.” The group also allegedly offered escrow services for criminals such as money launderers for cryptocurrency, according to the DOJ announcement.
Treasury’s actions: H-Pay Service and Prince Group sanctions
The Treasury Department announced parallel measures Tuesday to build on its October action severing the Huione Group from the U.S. financial system. Treasury said it had added H-Pay Service to its rule for Huione Group as a successor entity, and it imposed sanctions on nine people and 26 entities linked to the Prince Group. “Huione Group served as a critical node for laundering proceeds of cyber heists and virtual currency investment scams and was used by the Prince Group to transfer and consolidate scam-derived assets,” Treasury’s announcement states.
Last October’s enforcement and ties to Chen Zhi
Tuesday’s actions were described by officials as additions to disruption efforts that began last fall. In October, the Justice Department said it seized bitcoin valued at $15 billion from the chairman of the Prince Group, Chen Zhi, and indicted him over alleged cryptocurrency crimes and other schemes. Separately, an alleged key figure in Chen’s criminal network has been arrested in Cambodia and extradited to China, DOJ said.
How technologists, policymakers, and affected users are likely to respond
- Technologists and security teams will be watching for indicators tied to the seized cloud infrastructure and to Telegram-based marketplaces — both as sources of forensic evidence and as places where illicit services and stolen data are traded.
- Policymakers and regulators will note Treasury’s use of a successor-entity designation (H-Pay Service) alongside targeted sanctions on individuals and entities linked to the Prince Group, a combination of tools intended to constrict access to the U.S. financial system.
- Affected enterprises and the general public will be reminded of the scale and variety of alleged schemes cited by DOJ — including romance and investment scams, sale of stolen payment and personal data, and malware-enabled thefts — and the central role that laundering and escrow services can play in enabling those crimes.
Taken together, the Justice Department’s seizure of cloud infrastructure and Treasury’s parallel sanctions represent a coordinated law-enforcement and financial-pressure response aimed at the backend mechanisms that prosecutors say allowed large-scale fraud to flow and be concealed. Those interventions build on a major set of moves last October — including the seizure of $15 billion in bitcoin tied to the Prince Group chairman — and underscore the way officials are combining criminal charges, asset seizures, and sanctions to disrupt alleged transnational scams.
Read the original CyberScoop story: https://cyberscoop.com/doj-huione-group-cybercrime-seizure/
