Triad Nexus Cybercrime Network Enhances Operations Post-Sanctions

Severity: High (Score: 71.0)

Sources: Cybersecuritynews, Infosecurity-Magazine, www.infosecurityeurope.com

Summary

The Triad Nexus cybercrime network has expanded its global fraud operations despite U.S. Treasury sanctions imposed in 2025. The group, responsible for over $200 million in reported losses, has refined its tactics and infrastructure and now uses more than 175 rotating CNAME domains to host scam portals. Its operations include investment scams and brand impersonation targeting sectors such as banking, luxury retail, and public services. Victims report average losses of $150,000. The group employs 'infrastructure laundering', fronting its scam hosting through compromised cloud accounts at major providers such as AWS and Google so that the portals inherit the provider's reputation. It has also localized its scams for Spanish, Vietnamese, and Indonesian markets. In response, Silent Push has released a CNAME Chain Lookup tool to improve visibility into the group's infrastructure. Organizations are advised to adopt proactive monitoring strategies to counter these evolving threats.

Key Points

  • Triad Nexus has expanded its operations using over 175 rotating CNAME domains.
  • Victim losses average $150,000, with scams targeting banking and luxury retail sectors.
  • The group employs advanced tactics like 'infrastructure laundering' to evade detection.
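
The detection idea behind a CNAME chain lookup is simple: a lookalike portal resolves through one or more intermediate CNAMEs before reaching an address, and many unrelated-looking portals share the same intermediate layer. The following is an added example, not the Silent Push tool or code from any of the cited reports. It walks CNAME chains over a constructed, offline DNS snapshot, flags chains that pass through a watch list of suspect apex domains, handles CNAME loops and over-long chains, and pivots on shared intermediate hops to cluster portals behind one rotating layer. Every hostname, IP and watch-list entry below is hypothetical.

```python
"""Walk CNAME chains offline and flag those routed through watched infrastructure.

Added example; not the Silent Push CNAME Chain Lookup tool. The DNS snapshot
and the watch list are constructed for illustration and use reserved names.
"""
from __future__ import annotations

MAX_CHAIN = 8  # cap CNAME hops, as real resolvers do, to stop runaway chains

# Constructed DNS snapshot: owner name -> (record type, target). Hypothetical.
RECORDS = {
    "login.bank-example.com.": ("CNAME", "edge1.cdn-rotator.example.net."),
    "edge1.cdn-rotator.example.net.": ("CNAME", "pool-7.fastfront.example."),
    "pool-7.fastfront.example.": ("A", "203.0.113.10"),
    "shop.luxury-example.com.": ("CNAME", "edge2.cdn-rotator.example.net."),
    "edge2.cdn-rotator.example.net.": ("CNAME", "pool-3.fastfront.example."),
    "pool-3.fastfront.example.": ("A", "203.0.113.11"),
    "www.legit-example.org.": ("CNAME", "legit-example.org.cdn.example-cloud."),
    "legit-example.org.cdn.example-cloud.": ("A", "198.51.100.5"),
    # A deliberate CNAME loop, to exercise the loop handling.
    "loop-a.example.": ("CNAME", "loop-b.example."),
    "loop-b.example.": ("CNAME", "loop-a.example."),
}

# Constructed watch list: apex domains whose presence in a chain is suspect.
WATCHED_APEXES = {"cdn-rotator.example.net.", "fastfront.example."}


def normalize(name: str) -> str:
    """Lower-case and append the trailing dot so comparisons are consistent."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def parent(name: str) -> str:
    """Drop the leftmost label: edge1.cdn.example. -> cdn.example."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[1:]) + "." if len(labels) > 1 else name


def is_under(name: str, apex: str) -> bool:
    """True if name equals apex or is a subdomain of it."""
    return name == apex or name.endswith("." + apex)


def walk_cname_chain(name: str, records: dict = RECORDS) -> dict:
    """Follow CNAMEs from name; report the chain, terminal record and status.

    status is one of: resolved, nxdomain, loop, too_long.
    """
    chain = [normalize(name)]
    seen = {chain[0]}
    status, terminal = "nxdomain", None
    while len(chain) <= MAX_CHAIN:
        rec = records.get(chain[-1])
        if rec is None:
            break  # no record for the current owner: dangling or unknown
        rtype, target = rec
        if rtype != "CNAME":
            status, terminal = "resolved", (rtype, target)
            break
        target = normalize(target)
        if target in seen:
            status = "loop"
            break
        chain.append(target)
        seen.add(target)
    else:
        status = "too_long"  # hop cap reached without a terminal record
    return {"chain": chain, "terminal": terminal, "status": status}


def flag_chain(result: dict, watched: set = WATCHED_APEXES) -> list:
    """Return the watched apexes that any hop in the chain falls under."""
    hits = {apex for hop in result["chain"] for apex in watched if is_under(hop, apex)}
    return sorted(hits)


def pivot_shared_hops(names, records: dict = RECORDS) -> dict:
    """Group queried names by the parent of each intermediate hop they share.

    This is the pivot that ties many differently branded portals to one
    rotating CNAME layer; groups with a single member are dropped.
    """
    groups: dict[str, set] = {}
    for n in names:
        r = walk_cname_chain(n, records)
        for hop in r["chain"][1:]:
            groups.setdefault(parent(hop), set()).add(r["chain"][0])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def triage(names, records: dict = RECORDS, watched: set = WATCHED_APEXES) -> list:
    """One summary row per queried name: hops, status and watch-list hits."""
    rows = []
    for n in names:
        r = walk_cname_chain(n, records)
        rows.append({"name": r["chain"][0], "hops": len(r["chain"]) - 1,
                     "status": r["status"], "hits": flag_chain(r, watched)})
    return rows


if __name__ == "__main__":
    sample = ["login.bank-example.com", "shop.luxury-example.com",
              "www.legit-example.org", "loop-a.example", "nothere.example"]
    for row in triage(sample):
        print(row)
    print(pivot_shared_hops(sample))
```

To use this against real data, replace RECORDS with a passive-DNS export or live lookups; the pivot on the parent of each hop is deliberately coarse (it is one label to the right, not the registrable domain), which is what you want when the operator rotates the leftmost label across an otherwise stable intermediate zone.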

Key Entities

  • Carbanak (apt_group)
  • FIN7 (apt_group)
  • Data Breach (attack_type)
  • Ransomware (attack_type)
  • Bangladesh Bank (company)
  • Ronin Network (company)
  • AWS (company)
  • Cloudflare (company)
  • Google (company)
  • Bangladesh (country)
  • North Korea (country)
  • Financial (industry)
  • Healthcare (industry)
  • Retail (industry)