TRIAD Nexus Expands Global Fraud Operations Despite US Sanctions reports that a cybercrime network responsible for more than $200m in reported losses has broadened its reach and refined its tactics following US Treasury sanctions in 2025. According to Silent Push, the group continues large-scale investment scams and brand impersonation while shifting its focus toward emerging markets, and has strengthened operational security by introducing geographic restrictions that block US-based investigators.
The researchers note infrastructure laundering through compromised cloud accounts from AWS, Cloudflare, Google and Microsoft to host malicious services and blend scam platforms with legitimate traffic. The network’s fraud ecosystem has also been scaled, with average victim losses reaching $150,000, and there are signs of expansion into Spanish, Vietnamese and Indonesian markets using localised scam templates.
Triad Nexus has implemented a “US block” and deployed clean front companies posing as legitimate service providers, complicating attribution and enabling continued activity in less-regulated regions, according to Silent Push.