TRIAD Nexus, an illicit network described as the backbone of scams, money laundering, and illicit gambling, evades sanctions by using front companies and infrastructure laundering to distance itself from the Funnull CDN and other sanctioned infrastructure, according to Silent Push. Operating since at least 2020, the group has been responsible for more than $200 million in losses, with activities including brand impersonation and targeted financial services fraud.
After the US sanctioned Funnull last year, Triad Nexus sought to distance itself from the Philippines-based company while reinstating its global fraud engine and pivoting toward emerging markets such as Spain, Vietnam, and Indonesia, using localised templates to drive illicit profits, Silent Push notes. The operation even relies on cloud services from Amazon, Cloudflare, Google, and Microsoft, along with account mules, to give its scams the appearance of legitimacy and high performance.
It also relies on AS152194 (CTG Server Limited) as the bulletproof backbone and has been routing traffic through more than 175 randomly generated CNAME domains to segment its client infrastructure. 14 April 2026.