XE Group Cybercrime Kingpin Unveiled by Cybersecurity Researchers

June 1, 2023

Cybersecurity researchers have recently exposed the identity of a person believed to be connected to the cybercrime group known as XE Group. Menlo Security, which gathered information from various online sources, states, "Nguyen Huu Tai, who also goes by the names Joe Nguyen and Thanh Nguyen, has the strongest likelihood of being involved with the XE Group." XE Group, also called XeThanh, has been previously documented by Malwarebytes and Volexity and has been involved in cybercriminal activities since at least 2013. The group is suspected to be of Vietnamese origin and has targeted entities such as government agencies, construction organizations, and healthcare sectors.

The group is known for compromising internet-exposed servers using known exploits and monetizing the intrusions by installing password theft or credit card skimming code for online services. Menlo Security said, "As far back as 2014, the threat actor was seen creating AutoIT scripts that automatically generated emails and a rudimentary credit card validator for stolen credit cards." In March this year, U.S. cybersecurity and intelligence authorities disclosed XE Group's efforts to exploit a critical three-year-old security flaw in Progress Telerik devices (CVE-2019-18935, CVSS score: 9.8) to gain a foothold.

XE Group has also attempted to infiltrate corporate networks in the past through phishing emails sent using fraudulent domains that imitate legitimate companies such as PayPal and eBay. In addition to disguising .EXE files as .PNG files to evade detection, some attacks have employed a web shell called ASPXSpy to gain control of vulnerable systems. The researchers concluded, "XE Group remains a continued threat to various sectors, including government agencies, construction organizations, and healthcare providers."

Related News

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.