Triad Nexus, a notorious network involved in scams and illegal gambling, is expertly circumventing international sanctions to perpetuate its unlawful activities, according to a report by Silent Push.
History and Impact of Triad Nexus
Since its inception in 2020, Triad Nexus has orchestrated fraud schemes resulting in over $200 million in losses. The group primarily engages in cryptocurrency investment frauds known as ‘pig butchering’, which are linked to Asian organized crime syndicates.
Historically dependent on the Funnull content delivery network for various fraudulent activities, Triad Nexus faced a setback when the US imposed sanctions on Funnull. In response, the network employed infrastructure laundering and front companies to obscure its operations and evade sanctions.
Current Operations and Strategies
Despite federal sanctions in 2025, Triad Nexus has reactivated its global fraud mechanisms, now targeting emerging markets while remaining a significant threat to Western businesses. Silent Push’s latest report highlights the group’s ongoing misuse of services from Amazon, Cloudflare, Google, and Microsoft to bolster its infrastructure laundering efforts.
This approach allows its scams to appear legitimate and professional, making them hard to resist even for tech-savvy individuals. The group also continues to rely on AS152194 (CTG Server Limited) as the robust foundation for its operations.
Expanding Global Reach
In addition to cryptocurrency scams, Triad Nexus specializes in brand impersonation, producing exact replicas of well-known websites like Cartier, Chanel, and eBay, among others. Financial institutions such as Bank of America and Goldman Sachs have also been targeted.
To avoid detection post-sanctions, Triad Nexus has blocked US IP addresses from accessing its illicit domains and is expanding into markets in Spain, Vietnam, and Indonesia using localized templates for targeted scams.
To further distance itself from Funnull, the network uses front companies such as Bole CDN and CDN1[.]ai. It has also begun routing traffic to over 175 CNAME domains, each configured differently to separate client infrastructure and distribute it across various enterprise services.
Conclusion and Future Outlook
Triad Nexus’s ability to adapt and continue its operations despite sanctions poses a growing threat to global cybersecurity. As it expands into new markets, international cooperation and advanced security measures are imperative to curb its illicit activities.
