Continuing the series on the GoldFactory campaign, the CyProtek investigative team of the Anti-Fraud project further exposes an international hacker network of alarming scale and sophistication.
Cybercrime network exposed
Over 277 days of monitoring, the Anti-Fraud team tracked a large-scale cybercriminal network with operations centers in multiple countries, including Cambodia, Myanmar, and China. The campaign not only targeted banking users in Vietnam but also expanded its operations to neighboring regions.
Starting from victim reports, the CyProtek investigation team uncovered leads pointing to hundreds of fake websites designed to distribute malicious applications. During the investigation, the team tracked down more than 64 servers used to control victim devices and conduct unauthorized transactions.
“We found that these servers are located in many different locations, closely linked to hacker groups abroad. This shows that this is a large-scale and organized criminal network,” said Mr. Ngo Minh Hieu, a representative of the group.
One notable point is the coordination between domestic and foreign hacker groups. They not only share victims' personal data but also sell attack tools, such as fake apps and malware, through platforms like Telegram and online black markets.
“Cambodian hackers often focus on using fake apps for fraud, while groups in China specialize in developing fake apps and reverse engineering the source code of banking apps to find security vulnerabilities. This helps them optimize their attacks,” the CyProtek team revealed.
Startling numbers from the GoldFactory campaign
More than 421 fake websites were detected.
64 device control servers were traced.
Thousands of bank accounts were hijacked.
Estimated damage up to hundreds of billions of dong.
“Although it is difficult to determine the exact amount of damage, through the cases we investigated, the value of stolen assets is very large,” Mr. Hieu shared.
Challenges in tackling cybercrime
One of the biggest challenges in tackling these scams, the CyProtek team said, is the complexity of the international network. Servers are located overseas, while transactions are often routed through multiple intermediary accounts to cover their tracks.
“Close coordination between domestic and international authorities is needed to completely destroy this network. This is not a simple task,” Mr. Hieu emphasized.
Warning to the community
The CyProtek team calls on the community to raise awareness of cyber threats. Hackers are increasingly sophisticated and dangerous, but if users are vigilant, these tricks can be neutralized.
“We hope that these findings will help people realize the importance of protecting personal information and always be alert to signs of fraud,” the CyProtek team shared.
Operation GoldFactory is a stark reminder of the sophistication and scale of today’s hacker groups. But with the support of the community and authorities, this threat can be completely repelled.