Triad Nexus Dodges Sanctions, Fuels Sophisticated Cyber Attacks


Triad Nexus Evades Sanctions to Fuel Cybercrime

Triad Nexus, a cybercrime network engaged in scams, money laundering, and illicit gambling operations, has developed tactics to circumvent the US sanctions imposed on the infrastructure it depends on.

  • Since 2020, the network has been responsible for over $200 million in losses, primarily through cryptocurrency investment fraud (CIF) scams known as ‘pig butchering’
  • Linked to Asian organized crime, Triad Nexus has historically relied on the Funnull content delivery network (CDN) to front its fraud infrastructure

Evasion Methods Employed by Triad Nexus

Following the US sanction of Funnull in 2025, Triad Nexus employed various evasion methods, including:

  • Infrastructure laundering, rotating the CDN brand in front of the same hosting backbone
  • The use of front companies, to distance itself from the Philippines-based Funnull brand
  • Geo-fencing, blocking visitors from the US to evade post-sanctions monitoring

According to Silent Push, the group successfully reinstated its global fraud engine, redirecting its focus towards emerging markets while maintaining a persistent threat to Western enterprise assets.

Continued Activities and Expansion

In 2024, Silent Push analyzed roughly 200,000 unique hostnames proxied through Funnull, linking the network to the Polyfill.io supply-chain attack and to retail phishing scams impersonating major brands.

  • The group continued to rely on AS152194 (CTG Server Limited) as the hosting backbone of its operation, whatever CDN brand appeared in front of it
  • To evade post-sanctions monitoring, the group geo-fenced its sites against US visitors and pivoted to the Spanish, Vietnamese, and Indonesian markets
  • It used localized scam templates for these regions so that its illicit profits continued to flow

“To distance itself from the Funnull brand, Triad Nexus utilized ‘clean’ front companies, including Bole CDN, CDN1.ai, Yunray.ai, CDN5.com, and CTGCDN,” said a spokesperson for Silent Push.
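Because the front-company CDN brands change while the AS152194 backbone stays, a useful hunt pivots on the terminal hosting ASN rather than on the CDN name in a hostname's CNAME chain. The following is an added example, not Silent Push's tooling or code from the article: it walks constructed passive-DNS records to the terminal A record, maps the IP to an ASN with a longest-prefix match, and flags every customer-facing hostname that lands in the backbone ASN regardless of which brand fronts it. Every hostname, IP, and prefix below is constructed; the `.test` CDN names only stand in for the brands named above, and the prefixes are RFC 5737 documentation ranges, not real AS152194 announcements.

```python
"""Hunt CDN-brand rotation by pivoting on the hosting ASN.

Added example (not Silent Push's code). All records, IPs and prefixes are
constructed for offline illustration; the AS152194 prefix below is a
documentation range used as a placeholder, not a real announcement.
"""
import ipaddress
from collections import defaultdict

BACKBONE_ASN = 152194  # AS152194 (CTG Server Limited), per the article

# Constructed routing table: (prefix, asn, org). Placeholder prefixes only.
ASN_TABLE = [
    ("192.0.2.0/24", 152194, "CTG Server Limited"),   # placeholder, not real
    ("198.51.100.0/24", 64500, "Example Clean Hosting"),
    ("203.0.113.0/24", 64501, "Example Other CDN"),
]
_NETWORKS = [(ipaddress.ip_network(p), asn, org) for p, asn, org in ASN_TABLE]

# Constructed passive-DNS snapshot: name -> ("CNAME", target) or ("A", ip).
# The .test CDN hostnames stand in for rotating front-company brands.
PDNS = {
    "login-brand-promo.example": ("CNAME", "edge.cdn1.test"),
    "edge.cdn1.test": ("CNAME", "pool-a.yunray.test"),
    "pool-a.yunray.test": ("A", "192.0.2.17"),
    "shop-deals.example": ("CNAME", "node.bolecdn.test"),
    "node.bolecdn.test": ("A", "192.0.2.88"),
    "benign-site.example": ("CNAME", "cdn.cleanhost.test"),
    "cdn.cleanhost.test": ("A", "198.51.100.9"),
    "self-hosted.example": ("A", "203.0.113.4"),
    "loop-a.example": ("CNAME", "loop-b.example"),     # CNAME loop case
    "loop-b.example": ("CNAME", "loop-c.example"),
    "loop-c.example": ("CNAME", "loop-b.example"),
    "dangling.example": ("CNAME", "gone.test"),        # dangling CNAME case
}


def resolve_chain(name, records=PDNS, max_hops=10):
    """Follow CNAMEs from `name` to a terminal A record.

    Returns (chain, ip). ip is None when the chain dangles, loops, or
    exceeds max_hops; the chain walked so far is still returned.
    """
    chain, seen, cur = [name], {name}, name
    for _ in range(max_hops):
        rec = records.get(cur)
        if rec is None:
            return chain, None              # unknown name / dangling CNAME
        rtype, target = rec
        if rtype == "A":
            return chain, target
        if target in seen:
            return chain, None              # CNAME loop
        seen.add(target)
        chain.append(target)
        cur = target
    return chain, None                      # chain too deep


def lookup_asn(ip, networks=_NETWORKS):
    """Longest-prefix match of `ip`; returns (asn, org) or None if unrouted."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, asn, org in networks:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn, org)
    return None if best is None else (best[1], best[2])


def hunt(records=PDNS, networks=_NETWORKS, backbone_asn=BACKBONE_ASN):
    """Flag customer-facing names whose terminal IP sits in the backbone ASN.

    Only names that are not themselves CNAME targets are treated as
    customer-facing, so intermediate CDN nodes are not reported twice.
    """
    targets = {t for rtype, t in records.values() if rtype == "CNAME"}
    findings = {}
    for name in records:
        if name in targets:
            continue
        chain, ip = resolve_chain(name, records)
        asn = lookup_asn(ip, networks) if ip else None
        findings[name] = {
            "chain": chain,
            "ip": ip,
            "asn": asn[0] if asn else None,
            # registrable-ish label of the first CNAME hop: the fronting brand
            "front_brand": chain[1].split(".", 1)[1] if len(chain) > 1 else None,
            "flagged": asn is not None and asn[0] == backbone_asn,
        }
    return findings


def brands_on_backbone(findings):
    """Group flagged names by fronting brand: several brands resolving into
    one ASN is the infrastructure-laundering pattern described above."""
    out = defaultdict(list)
    for name, f in findings.items():
        if f["flagged"] and f["front_brand"]:
            out[f["front_brand"]].append(name)
    return dict(out)


if __name__ == "__main__":
    results = hunt()
    for name, f in results.items():
        print(f"{name:28} brand={f['front_brand']!s:14} asn={f['asn']!s:7} flagged={f['flagged']}")
    print("brands resolving into backbone:", brands_on_backbone(results))
```

In a real hunt the passive-DNS snapshot and the prefix table come from a pDNS provider and a BGP feed (or an IP-to-ASN database); the logic is unchanged. Brand names are a weak indicator precisely because the group rotates them, so the ASN of the terminal IP, combined with the CNAME chain for context, is the more stable pivot, and broken chains (loops, dangling CNAMEs) are reported rather than silently dropped.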

Conclusion

These tactics allowed Triad Nexus to keep its illicit activities running despite the US sanctions. The case highlights the adaptability and resilience of cybercrime networks and the need for continuous monitoring, and for countermeasures that track the underlying infrastructure rather than the brand in front of it.
