
Thailand Seizes Assets Tied to Massive FBI Botnet Case

Thailand is reportedly investigating $27.2 million that an alleged hacker funneled into the country.

Wang YunHe and other co-conspirators had purchased properties and shares of several companies, Bloomberg News reported Saturday (June 1), describing Wang as a “superhacker.”

The report, citing information from the Thai Central Investigation Bureau, said that agency — working with American law enforcement — has seized at least 88 million baht ($2.4 million) in assets such as cash, luxury watches, a car and land deeds from Wang after carrying out searches of four locations in Chon Buri province.

These actions came after the FBI announced last week the takedown of what it called the world’s largest botnet — a fleet of 19 million infected computers — that was rented out to hackers for cybercrimes, with Wang as its alleged administrator.

Wang, a Chinese national, was arrested in Singapore on May 24. He is accused of deploying malware and creating and running a residential proxy service known as “911 S5.”

According to the Bloomberg report, Thailand will try to get a court order to temporarily seize Wang’s assets — and those of his associates — once American officials submit a formal request. Those assets include bank accounts, cryptocurrency accounts, cars, land and condominiums.

Wang and his associates are accused of creating and disseminating malware to compromise millions of residential Windows computers worldwide, including 600,000 unique IP addresses in the U.S., the U.S. Department of Justice said last week.

Federal officials say the botnet infected computers in nearly 200 countries, enabling cybercriminals to commit financial fraud, identity theft and child exploitation.

Investigators also say 911 S5 allowed criminals to steal billions of dollars from financial institutions, credit card issuers and federal funding programs. They are also believed to have used the service, through compromised IP addresses, to make fraudulent unemployment insurance claims and applications to the Economic Injury Disaster Loan program.

Elsewhere on the cybercrime front, PYMNTS wrote last about the “emerging arms race between defenders and malicious actors” to use artificial intelligence (AI).

As generative AI matures and becomes more commonplace, its appeal to cybercriminals will likely increase, underlining the need for robust countermeasures.

And as has been noted here recently, AI is changing “how security teams handle cyberthreats by automating the initial stages of incident investigation, analyzing vast amounts of data, and identifying complex patterns, allowing security professionals to begin their work with a clear understanding of the situation and speeding up response times.”