The Justice Department announced Tuesday it has seized cloud computing infrastructure supporting Huione Group, a Cambodia-based conglomerate that officials say operated one of the world's largest criminal marketplaces. The seized account hosted backend systems for Huione Guarantee (also called Haowang Guarantee), which allegedly facilitated billions of dollars in fraud proceeds through Southeast Asian scam operations. The Treasury Department simultaneously expanded sanctions against the network, adding H-Pay Service as a successor entity and designating nine individuals and 26 entities linked to the associated Prince Group.
The enforcement action builds on disruption efforts from October 2024, when Treasury first moved to sever Huione Group from the U.S. financial system and DOJ seized $15 billion in bitcoin from Prince Group chairman Chen Zhi. The Trump administration has prioritized combating transnational cybercrime and fraud schemes that target American victims. According to Tysen Duva, assistant attorney general of DOJ's Criminal Division, the seized infrastructure formed a technological backbone enabling criminals to transfer, move, and conceal fraud proceeds.
U.S. officials allege Huione Guarantee operated Telegram channels where criminals discussed and traded illicit goods and services. These channels allegedly facilitated sales of stolen credit card data, sensitive personal information, and malware tools used for theft. The platform also reportedly hosted discussions about human trafficking schemes and provided infrastructure for laundering money from romance scams and fraudulent investment schemes. Additionally, Huione Guarantee allegedly offered cryptocurrency escrow services specifically designed for money launderers and other criminal actors.
The enforcement actions target a network that Treasury describes as a critical node for laundering proceeds from cyber heists and virtual currency investment scams. Officials say the Prince Group used Huione infrastructure to transfer and consolidate assets derived from scam operations. An alleged key figure in Chen Zhi's criminal network has been arrested in Cambodia and extradited to China, though officials did not identify this individual by name.
Organizations should review their exposure to entities connected to Huione Group and Prince Group to ensure compliance with Treasury sanctions. Financial institutions should enhance monitoring for transactions potentially linked to Southeast Asian scam operations, particularly those involving cryptocurrency escrow services or payments routed through Cambodia-based platforms. Security teams should remain alert for indicators of compromise associated with malware and stolen data traded through these criminal marketplaces.
Source: https://cyberscoop.com/doj-huione-group-cybercrime-seizure/