Hacker Extradited to US for Stealing Over $2.5 Million in Tax Fraud Attacks

A sophisticated cybercriminal operation that targeted American tax preparation businesses through spearphishing campaigns has culminated in the extradition of Nigerian national Chukwuemeka Victor Amachukwu from France to face federal charges in New York.

The 39-year-old defendant, operating under multiple aliases including “Chukwuemeka Victor Eletuo” and “So Kwan Leung,” orchestrated a multi-year scheme beginning in 2019 that successfully compromised electronic systems of tax businesses across New York, Texas, and other states.

The attack methodology centered on carefully crafted spearphishing emails designed to deceive employees of tax preparation companies into providing system access credentials.

Once inside the corporate networks, Amachukwu and his co-conspirators, including Kingsley Uchelue Utulu, systematically extracted sensitive customer data including Social Security numbers, addresses, and financial information from thousands of taxpayers.

This harvested personally identifiable information became the foundation for an elaborate fraud operation targeting both federal and state tax authorities.

Analysts at the U.S. Attorney’s Office for the Southern District of New York identified that the criminal network filed fraudulent tax returns seeking approximately $8.4 million in refunds, ultimately obtaining $2.5 million from the Internal Revenue Service and various state tax agencies.

The operation’s scope expanded beyond traditional tax fraud to exploit the Small Business Administration’s Economic Injury Disaster Loan program, netting an additional $819,000 in fraudulent payouts.

Network Infiltration and Data Exfiltration Techniques

The spearphishing attack vector employed by Amachukwu’s network demonstrated sophisticated social engineering principles combined with technical exploitation methods.

The malicious emails likely contained embedded links or attachments designed to harvest login credentials through credential phishing pages or deploy remote access trojans to establish persistent network access.

Once authenticated access was obtained, the attackers implemented systematic data collection protocols to extract customer databases containing tax preparation records.

The cybercriminals’ ability to maintain prolonged access to multiple tax preparation systems across different states suggests the deployment of advanced persistent threat techniques, including the establishment of backdoor access points and potentially the use of legitimate administrative tools for malicious purposes.

This operational security approach enabled the continuous harvesting of fresh taxpayer data throughout multiple tax seasons, maximizing the financial impact of their fraudulent filing campaigns while evading immediate detection by targeted businesses.
